Category Archives: EviCypher Technology

image_pdfimage_print

FormBook Malware: How to Protect Your Gmail and Other Data

FormBook Malware: how to protect your gmail and other data
Protect your Gmail Account FormBook malware – Jacques Gascuel: This article will be updated with any new information on the topic.

Secure Your Gmail from FormBook Attacks

FormBook is a malware that can steal your Gmail credentials, messages, and attachments. Learn how to use the Freemindtronic devices to encrypt your Gmail data and use passwordless and 2FA.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

How to Protect Your Gmail Account from FormBook Malware

Introduction

Imagine that you receive an email from your bank, asking you to confirm your identity by clicking on a link. You open the link, and you find yourself on a page that looks like your bank’s website, but it is actually a fake. You enter your credentials, and you think you are done. But in reality, you have just given access to your bank account to hackers, who will use it to steal your money, or worse. This is what FormBook can do, a malware that can steal your sensitive data, and that Google cannot stop. In this article, we will explain what FormBook is, how it works, and how to protect yourself from this malware.

What is FormBook and why is it a threat?

FormBook is a malware that can record your keystrokes, take screenshots, and steal your passwords, cookies, and clipboard data. It can also download and execute other malicious files on your device.

FormBook is distributed through phishing emails that contain malicious attachments. These attachments are usually disguised as invoices, receipts, or shipping confirmations. When you open them, they ask you to enable macros or content. If you do, the malware will be installed on your device.

FormBook can target any web browser, but it has a special feature for Chrome. It can inject a fake Gmail login page into your browser, and trick you into entering your credentials. The malware will then send your Gmail username and password to a remote server controlled by the hackers.

FormBook is a threat because it can compromise your Gmail account and access your personal and professional information. It can also use your Gmail account to send spam or phishing emails to your contacts, or to access other online services that are linked to your Gmail account, such as Google Drive, Google Photos, or Google Pay.

How to protect yourself from FormBook?

Google has not yet found a way to detect and block FormBook. Therefore, you need to be extra careful when you use Gmail and other online services. Here are some tips to protect yourself from FormBook and other malware:

  • Do not open or download attachments from unknown or suspicious senders. If you are not sure about the legitimacy of an email, contact the sender directly or check the official website of the company or organization.
  • Do not enable macros or content in any document unless you trust the source. Macros are small programs that can run malicious code on your device.
  • Use a strong and unique password for your Gmail account and other online accounts. Do not reuse the same password for different services. Change your password regularly and use a password manager to store and generate your passwords.
  • Enable two-factor authentication (2FA) for your Gmail account and other online accounts. 2FA adds an extra layer of security by requiring a code or a device confirmation in addition to your password.
  • Use a reputable antivirus software and keep it updated. Antivirus software can scan your device for malware and remove it. You can also use a browser extension that can block malicious websites and pop-ups.

How to encrypt your Gmail messages and attachments with DataShielder NFC HSM

DataShielder NFC HSM is a device that allows you to encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021.

With DataShielder NFC HSM, you can encrypt and decrypt your data with AES-256 keys that are randomly generated and stored in the NFC HSM. You can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM. You can also use different keys for the message and the attachment.

To encrypt your Gmail message and attachment, you need to use the EviCrypt and EviFile applications that are embedded in the DataShielder NFC HSM. These applications allow you to encrypt and decrypt your data with a simple tap of your NFC phone on the DataShielder NFC HSM. You can also share your encrypted data with other users who have the same device and the same key.

By using DataShielder NFC HSM, you can protect your Gmail messages and attachments from FormBook or any other malware that can access your Gmail account. Even if your Gmail account is hacked, your encrypted data will remain encrypted and unreadable by the hackers. Only you and the authorized recipients can decrypt your data with the DataShielder NFC HSM.

How to protect your web Gmail account with passwordless and 2FA using PassCypher NFC HSM

Do you want to manage your web accounts with complicated and complex passwords that you do not need to know, remember, or type? If yes, then you should try PassCypher NFC HSM. This device uses the EviPass NFC HSM technology, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021.

With PassCypher NFC HSM, you can create and store your usernames and passwords of more than 256-bit in the NFC HSM. Moreover, you can store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

To use PassCypher NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass and EviOTP applications that are embedded in the PassCypher NFC HSM. These applications allow you to create, edit, and delete your web accounts and OTP secret keys with a simple tap of your NFC phone on the PassCypher NFC HSM.

By using PassCypher NFC HSM, you can secure your web accounts with passwordless and 2FA. You do not need to display, know, or type your username and password. You just need to tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your web account. You also do not need to check for a typosquatting attack, since the extension will verify the URL of the website before logging in. And you do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

How to protect your Gmail account from FormBook with PassCypher NFC HSM

FormBook is a dangerous malware that can access your Gmail account and other sensitive data. Google has not yet found a solution to stop it. Therefore, you need to be vigilant and follow the best practices to protect yourself from cyberattacks. One of them is to use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA.

By using PassCypher NFC HSM, you can protect your Gmail account from FormBook or any other malware that can access your web browser. Even if your web browser is hacked, your usernames and passwords will remain encrypted and inaccessible by the hackers. Only you can decrypt your Gmail account with the PassCypher NFC HSM. And even if the hackers manage to steal your session cookies, they will not be able to log in to your Gmail account without the 2FA code that is generated by the PassCypher NFC HSM.

To use PassCypher NFC HSM with your Gmail account, you need to follow these steps:

  • Create a Gmail account in the EviPass application on the PassCypher NFC HSM. You can use the default username and password, or you can generate a random and complex password with the EviPass application.
  • Enable 2FA for your Gmail account on the Google website.
  • Choose the option to use an authenticator app, and scan the QR code with the EviOTP application on the PassCypher NFC HSM. This will store your OTP secret key in the NFC HSM.
  • Log in to your Gmail account with the Freemindtronic extension on your web browser. Tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your Gmail account. You will also see a pop-up window with the 2FA code that you need to enter on the Google website.

By following these steps, you can use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA. You can also use PassCypher NFC HSM with other web accounts that support 2FA, such as Facebook, Twitter, or Amazon. This way, you can protect yourself from FormBook and other malware that can access your web browser.

Recent statistics on FormBook

FormBook is a malware that was first discovered in 2016, but it remains very active and dangerous. According to the Check Point report on cybersecurity in 2022, FormBook was the third most widespread malware in 2021, attacking 5% of enterprise networks. It was also the most prolific infostealer malware, accounting for 16% of attacks worldwide.

FormBook spreads mainly through phishing emails that contain malicious attachments. These attachments are often RAR self-extracting archives, which are compressed files that can run malicious code when opened. The RAR files contain a legitimate document, such as a PDF or a Word file, and a hidden executable file, which is the FormBook malware. When the user opens the RAR file, the document is displayed, but the malware is also installed in the background.

FormBook can also spread through other methods, such as drive-by downloads, malicious links, or removable media. The malware can infect any Windows device, from Windows XP to Windows 10. The malware can also evade detection and removal by using various techniques, such as encryption, obfuscation, or anti-analysis.

Here are some recent statistics on FormBook, based on the data from Check Point and ANY.RUN:

  • FormBook was the most popular malware in August 2021, affecting 4.5% of organizations worldwide, followed by Trickbot and Agent Tesla, affecting respectively 4% and 3% of organizations worldwide.
  • FormBook was the fourth most common malware in 2020, according to the ranking of malware families by ANY.RUN. It accounted for 8% of the samples analyzed by the online sandboxing service.
  • FormBook was used in many phishing campaigns targeting various industries, such as defense, aerospace, health, education, finance, retail, etc. It was also used to attack Ukrainian targets during the war between Russia and Ukraine in 2022.
  • FormBook has a successor called XLoader, which appeared in 2020 and which is able to infect macOS users. XLoader is sold on the dark web for $59 for a Windows license and $49 for a macOS license.

Danger level of FormBook compared to other malware

FormBook is a very dangerous malware, because it can steal sensitive information, such as credentials, passwords, credit card numbers, 2FA codes, etc. It can also download and execute other malware, such as ransomware, banking trojans, spyware, etc. It can also remotely control the infected device and perform various malicious actions, such as deleting browser cookies, taking screenshots, restarting or shutting down the system, etc.

FormBook is also hard to detect and remove, because it uses advanced evasion techniques, such as code injection, string obfuscation, data encryption, anti-analysis, etc. It also changes frequently its name, path, and file extension, and uses random Windows registry keys to maintain its persistence.

To compare the danger level of FormBook with other known malware in its category, we can use the following criteria:

  • The number of organizations affected worldwide
  • The type and amount of information stolen
  • The ability to download and execute other malware
  • The ability to remotely control the infected device
  • The evasion techniques used
  • The ease of detection and removal

Here is a table that compares FormBook with other popular infostealer malware, such as Trickbot, Agent Tesla, LokiBot, and Raccoon:

Malware Number of organizations affected Type and amount of information stolen Ability to download and execute other malware Ability to remotely control the infected device Evasion techniques used Ease of detection and removal
FormBook 4.5% in August 2021 Credentials, passwords, credit card numbers, 2FA codes, screenshots, keystrokes, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Trickbot 4% in August 2021 Credentials, passwords, banking information, personal data, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Agent Tesla 3% in August 2021 Credentials, passwords, banking information, personal data, screenshots, keystrokes, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
LokiBot 1.5% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
Raccoon 0.8% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium

From this table, we can see that FormBook is the most dangerous infostealer malware, because it affects the most organizations, steals the most types of information, and can download and execute other malware. It is also the hardest to detect and remove, because it uses more evasion techniques than the other malware.

Forms of attacks of FormBook

FormBook can be delivered through different forms of attacks, depending on the delivery mechanism chosen by the malicious actor. Here are some forms of attacks of FormBook:

  • Phishing: FormBook can be sent by email as a malicious attachment, such as a Word, Excel, PDF, or ZIP or RAR file. The email can have a misleading subject, such as an invoice, a receipt, a contract, a job offer, etc. When the user opens the attachment, the malware runs and infects the device.
  • Exploitation of vulnerabilities: FormBook can exploit vulnerabilities in popular software, such as Microsoft Office, Windows, Adobe Reader, etc. For example, FormBook used the vulnerability CVE-2017-8570 in Microsoft Office to run malicious code from a RTF file. FormBook also used the vulnerability CVE-2021-40444 in Microsoft MSHTML to run malicious code from a CAB file.
  • Drive-by downloads: FormBook can be downloaded without the user’s knowledge when they visit a compromised or malicious website. The website can use a script or an exploit kit to trigger the download and execution of the malware on the user’s device.
  • Removable media: FormBook can be copied to removable media, such as USB drives, external hard drives, memory cards, etc. When the user connects the removable media to their device, the malware runs automatically and infects the device.
  • Social media: FormBook can be spread by messages or posts on social media, such as Facebook, Twitter, Instagram, etc. These messages or posts can contain links or images that redirect to malicious websites or infected files. When the user clicks on the link or image, the malware is downloaded and executed on their device.

Here is a type of formbook malware attacks image:

Type of Formbook MalwareAttacks

How PassCypher NFC HSM and DataShielder NFC HSM can protect you from FormBook attacks

PassCypher NFC HSM and DataShielder NFC HSM are two devices that use the EviPass NFC HSM technology from Freemindtronic, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021. These devices can help you protect your web accounts and your Gmail messages and attachments from FormBook attacks, by using passwordless, 2FA, and encryption.

PassCypher NFC HSM can create and store your usernames and passwords of more than 256-bit in the NFC HSM. It can also store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

DataShielder NFC HSM can encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021. It can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM.

To use PassCypher NFC HSM and DataShielder NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass, EviOTP, EviCrypt, and EviFile applications that are embedded in the PassCypher NFC HSM and DataShielder NFC HSM. These applications allow you to create, edit, delete, encrypt, and decrypt your web accounts, OTP secret keys, messages, and attachments with a simple tap of your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM.

By using PassCypher NFC HSM and DataShielder NFC HSM, you can secure your web accounts and your Gmail messages and attachments with passwordless, 2FA, and encryption. You do not need to display, know, or type your username, password, or encryption key. You just need to tap your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM and the extension will autofill, auto login, encrypt, or decrypt your web account, message, or attachment. You also do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

Here is a table that shows how PassCypher NFC HSM and DataShielder NFC HSM can protect you from different FormBook attack vectors, such as keylogger, password stealer, file transfer, screenshot, etc. I used a check mark or a cross mark to show visually what PassCypher NFC HSM and DataShielder NFC HSM protect.

 

FormBook PassCypher DataShielder
Keylogger ✔️ ✔️
Password stealer ✔️ ✔️
File transfer ✔️
Screenshot ✔️ ✔️
Remote control
Phishing ✔️ ✔️
Exploit kit
Drive-by download
Removable media ✔️
Social media

This table shows that PassCypher NFC HSM and DataShielder NFC HSM can protect your web accounts from FormBook’s keylogger, password stealer, and phishing, by using passwordless and 2FA. They can also protect your Gmail messages and attachments from FormBook’s file transfer and screenshot, by using encryption and decryption. DataShielder NFC HSM can also protect your data stored in computers or removable media, by using encryption and decryption. However, neither device can protect your device from FormBook’s remote control, exploit kit, drive-by download, or unsecured social media, which can compromise your system and your data. Therefore, you should also use an antivirus software and a firewall to prevent FormBook from accessing your device.

Communication Vulnerabilities 2023: Avoiding Cyber Threats

Person working on a laptop within a protective dome, surrounded by falling hexadecimal ASCII characters, highlighting communication vulnerabilities
The hidden dangers of communication vulnerabilities in 2023  by Jacques Gascuel: This article will be updated with any new information on the topic.

Beware of communication vulnerabilities in 2023

Communication is essential for our personal and professional lives, but it also exposes us to cyber threats. In 2023, hackers will exploit the hidden dangers of communication vulnerabilities to steal data, disrupt services, and spy on users. This article will explain the main types of communication vulnerabilities, their impact, and how to protect yourself from them.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

Communication Vulnerabilities in 2023: Unveiling the Hidden Dangers and Strategies to Evade Cyber Threats

2023 Security Vulnerabilities in Means of Communication

Communication is essential for individuals and professionals, but it is also exposed to many cyber threats. In 2023, several security breaches affected emails and messages, compromising the security of data, services, and users. These breaches showed the vulnerability of communication systems, which are exposed to increasingly sophisticated and targeted attacks. To protect themselves, users need to encrypt their data and communications with their own keys that they created and stored offline. One of the solutions that can help them achieve this is EviCypher NFC HSM technology by Freemindtronic.

The Reality of Security Breaches in Communication Systems

However, we wanted to highlight a disconcerting reality: users often found themselves defenseless against the hidden dangers of communication vulnerabilities in 2023 that festered beneath the surface for long periods of time. Unaware of these current, imminent or future risks, they unwittingly provided gateways to espionage activities, whether motivated by legitimate or malicious intentions. These vulnerabilities enabled a relentless cycle of cyber victimization, perpetuating the very threats they aimed to mitigate.

For example, iCloud Email operated without end-to-end encryption from its launch in 2011 until December 2022 – a troubling reality that put users in a vulnerable position, their security at the mercy of external factors they could not control.

Another example, several reports by the Citizen Lab have revealed the existence and the use of Pegasus spyware developed by the Israeli company NSO Group, which sells its services to governments and private actors to spy on targets around the world. Moreover, several investigations by the consortium Forbidden Stories have revealed that more than 50,000 phone numbers have been selected as potential targets by NSO Group’s clients, including heads of state, journalists, human rights activists, etc.

Among the most recent examples of these vulnerabilities, we can mention the cyberattack against the US State Department, which was attributed to hackers linked to China.

Chinese hackers hacked 60,000 emails from the US State Department

In March 2023, Chinese hackers hacked 60,000 emails from the US State Department. Some of them were very sensitive to national security and foreign affairs. They used a Microsoft Exchange flaw named Log4Shell. This vulnerability allows hackers to remotely execute malicious code on servers that use this software. It affects millions of servers worldwide. Senator Mark Warner revealed the attack and criticized the lack of transparency and security of the State Department. He called for strengthening cooperation between government agencies and the private sector to cope with cyberthreats. This attack is part of a context of rising tensions between the US and China, who accuse each other of espionage and sabotage on cyberspace.

The other sensitive organs targeted by the attack

Besides the State Department emails, the attack also targeted other sensitive organs, such as:

  • The Bureau of the Coordinator for Cyber Issues, which is responsible for coordinating the State Department’s efforts to prevent and respond to cyberattacks.
  • The Bureau of Consular Affairs, which is in charge of issuing passports and visas, as well as protecting US citizens abroad.
  • The Bureau of Intelligence and Research, which provides analysis and assessments on foreign policy and national security issues.

These sensitive organs hold confidential or personal information that could be used by the Chinese hackers for espionage, blackmail or sabotage. For example, the hackers could access the biometric data of visa applicants, the reports of intelligence agents or the action plans in case of crisis.

The security flaw exploited by the Chinese hackers

The most serious thing is that some servers that were hacked by the Chinese had not been updated with the patch released by Microsoft on December 10, 2022. This shows that the updates are not automatic and that they have to be installed manually. This also shows the lack of responsiveness and vigilance of the IT security managers. They let the Chinese hackers exploit this flaw before it was fixed by Microsoft, who released security updates. Indeed, this cyberattack shows the vulnerability of communication systems and the need to protect them effectively.

A Case of Satellite Messaging Security Vulnerability

Satellite messaging is a means of communication that allows the transmission of electronic messages or calls via a network of artificial satellites. It is used by professionals and individuals in areas with no cellular coverage or those seeking discreet communication. However, satellite messaging is not immune to security vulnerabilities that can compromise data confidentiality and integrity.

In September 2023, a team of cybersecurity researchers uncovered a significant security vulnerability in the Bullitt satellite messaging service. This vulnerability allowed hackers to read and modify messages sent and received by users, as well as access their personal information, including GPS coordinates and phone numbers. Hackers could also impersonate users by sending messages on their behalf. The vulnerability was found in the PubNub-Kotlin API used by the Bullitt Messenger app to manage communication between devices and the service’s servers. Despite alerting Bullitt, the service provider, about this vulnerability, the researchers received no satisfactory response.

This security flaw poses a high risk to satellite messaging users, as their data can be exposed or manipulated by hackers.

Security Vulnerabilities in Communication Systems: A Closer Look

2023 Security Flaws in Communication Channels is a paramount concern for individuals and organizations across the globe. Hackers frequently exploit vulnerabilities within communication protocols and services to launch attacks that can compromise data confidentiality, integrity, and availability. To illustrate the magnitude and gravity of this issue, we have compiled statistics based on our web research:

Security Vulnerabilities in Emails

Emails serve as a central vector for cyberattacks, representing a significant portion of security incidents, with up to 91% of reported incidents, as per cybermalveillance.gouv.fr. Among these email-targeted threats, ransomware attacks are the most prevalent, comprising 25% of reported security incidents. Additionally, it’s striking to note that 48% of malicious files attached to emails are Microsoft Office documents. These statistics underscore the critical importance of implementing robust security measures for emails to guard against evolving threats.

Furthermore, an analysis conducted by the Verizon Data Breach Investigations Report for 20232 highlights that emails remain the primary variety of malicious actions in data breaches, underscoring their continued relevance as a vector for cyberattacks.

However, it is essential to note that email-specific vulnerabilities can vary based on factors such as email protocol vulnerabilities, server configuration errors, human mistakes, among others.

Security Vulnerabilities in Encrypted Messaging Services

Encrypted messaging services like Signal, Telegram, or WhatsApp are not immune to security vulnerabilities, which can compromise message and file confidentiality, integrity, and availability. In March 2023, Cellebrite, an Israeli data extraction company, claimed to have successfully decrypted messages and files sent via Signal. In June 2023, Google disclosed a vulnerability in its RCS service that allowed hackers to send fraudulent messages to Android users, containing malicious links redirecting victims to compromised websites.

Security Vulnerabilities in Communication Protocols

Communication protocols such as SMTP, RCS, or SMS are also susceptible to security vulnerabilities that can enable hackers to intercept, modify, or spoof messages and calls. SS7 vulnerabilities involve attacks exploiting the vulnerabilities of the SS7 protocol, used to establish and terminate telephone calls on digital signaling networks. These attacks can allow hackers to intercept, modify, or spoof voice and SMS communications on a cellular network. In January 2023, a hacking group named Ransomware.vc launched a data extortion campaign targeting organizations using the Progress MOVEit file transfer tool. The hackers exploited an SS7 vulnerability to intercept verification codes sent via SMS to MOVEit users, gaining access to sensitive data. In February 2023, the Ukrainian power grid was hit by a new malware called Industroyer2, attributed to Russian hackers. The malware used an SS7 vulnerability to take control of network operator phone calls, disrupting electricity distribution in the country. In March 2023, Samsung suffered a data breach that exposed the personal and financial information of millions of customers. The breach was caused by an SS7 vulnerability that allowed hackers to access SMS messages containing online transaction confirmation codes.

An Overview of Security Vulnerabilities in Communication Systems

Communication systems exhibit various vulnerabilities, with each element susceptible to exploitation by hackers. These weaknesses can have severe consequences, including financial losses, damage to reputation, or national security breaches.

  • Protocols: Communication protocols, like Internet Protocol (IP), Simple Mail Transfer Protocol (SMTP), Signaling System 7 (SS7), and Rich Communication Services (RCS), can contain security vulnerabilities. These vulnerabilities enable hackers to intercept, modify, or spoof communications on the network. For instance, an SS7 vulnerability allows hackers to eavesdrop on phone calls or read SMS messages on a cellular network.
  • Services: Network services, such as messaging, cloud, streaming, or payment services, possess their own vulnerabilities. These vulnerabilities may permit hackers to access, modify, or delete data within the service. For instance, a vulnerability in an encrypted messaging service enables hackers to decrypt messages or files sent via the service.
  • Applications: Software applications, including web, mobile, desktop, or IoT applications, are prone to security vulnerabilities. These vulnerabilities empower hackers to execute malicious code on a user’s device or gain control of the device itself. For example, a vulnerability in a web application allows hackers to inject malicious code into the displayed web page.
  • Devices: Physical devices, such as computers, smartphones, tablets, or IoT devices, feature their own set of security vulnerabilities. These vulnerabilities can enable hackers to access the device’s data or functionalities. For instance, a vulnerability in a smartphone grants hackers access to the device’s camera, microphone, or GPS.

In conclusion, the multitude of security vulnerabilities in communication systems presents a significant challenge to all stakeholders. Protecting against these vulnerabilities and enhancing cybersecurity is essential to safeguard sensitive data and infrastructure.

How communication vulnerabilities exposed millions of users to cyberattacks in the past years

Communication is essential for our personal and professional lives, but it also exposes us to cyber threats. In the past years, hackers exploited the hidden dangers of communication vulnerabilities to steal data, disrupt services, and spy on users. These vulnerabilities affected software and services widely used, such as Log4j, Microsoft Exchange, Exim, Signal, Telegram, or WhatsApp. Some of these vulnerabilities have been fixed, while others remain active or in progress. The following table summarizes the main communication vulnerabilities in the past years, their impact, and their status.

Name of the breach Type of breach Impact Status Date of discovery Date of patch
Log4j Command injection Control of servers and Java applications Fixed November 24, 2021 December 18, 2021
Microsoft Exchange Remote code execution Data theft and backdoor installation Fixed March 2, 2021
Exim Multiple vulnerabilities Control of email servers June 5, 2020
Signal Denial of service Blocking of messages and calls Fixed May 11, 2020 May 15, 2020
Telegram Deserialization Access to messages and files Fixed January 23, 2021
WhatsApp QR code spoofing Account hacking Fixed October 10, 2019
File-based XSS Code injection Execution of malicious code in the browser Not fixed December 17, 2020 N/A
RCS QR code spoofing Interception, modification or spoofing of messages and calls Not fixed June 17, 2020 N/A
SMS SIM swap fraud Account takeover and identity theft Active or in progress
MMS Stagefright vulnerability Remote code execution and data theft Fixed July 27, 2015 August-September 2015
SolarWinds Orion Supply chain compromise Data theft and backdoor installation Fixed December 8, 2020 February 25, 2023
API PubNub-Kotlin Privilege escalation by deserialization of untrusted data Arbitrary command execution on SolarWinds Platform website Fixed February 8, 2022 April 19, 2023
SS7 Multiple vulnerabilities Data theft, interception, modification or blocking of communications, location tracking or spoofing, fraud Active or in progress 2014 N/A

This table provides a concise overview of the hidden dangers of communication vulnerabilities in 2023, their types, impacts, and current statuses.

EviCypher NFC HSM: The technology that makes your communications invulnerable to security breaches

Security vulnerabilities in the means of communication pose a high risk to users, including satellite messaging, as their data can be exposed or manipulated by hackers. Therefore, effective protection against this threat is essential. This is precisely where the EviCypher NFC HSM technologies mentioned in this article come in as an innovative and secure solution.

EviCypher NFC HSM Technology for Messaging Protection

EviCypher NFC HSM technology is a solution that enables contactless encryption and decryption of data using an NFC card. It employs a hardware security module (HSM) that securely stores encryption keys. It is compatible with various communication services, including emails, SMS, MMS, satellite messaging, and chats.

To use EviCypher NFC HSM technology, simply pair the NFC Card, to an NFC-enabled Android phone and activate it with your fingerprint. Messages sent and received through messaging services are encrypted and decrypted using the NFC card. Only the card owner can access their messages and files. No one can intercept or alter them, even if the  service is compromised by a security vulnerability.

EviCypher NFC HSM technology offers optimal protection for commincation, ensuring data confidentiality and integrity. It also safeguards against other types of security vulnerabilities that may affect communication methods, such as Log4Shell or SolarWinds. It is a simple, effective solution that requires no change in user habits.

What is EviCypher NFC HSM technology?

EviCypher NFC HSM technology is a contactless encryption technology that uses hardware security modules (HSM) devices that communicate via NFC (Near Field Communication) protocols. These devices are EviTag and Evicard, which are small and portable devices that can be attached to a keychain or a card holder. They allow users to store and manage their keys and secrets securely, without relying on third-party services or cloud storage.

How does EviCypher NFC HSM technology work?

EviCypher NFC HSM technology works by encrypting and decrypting data and communications with the user’s own keys that they created and stored offline. The user can use the devices for various applications, such as encrypting emails, messages or files.

To use NFC HSMs, the user must first pair it with their phone. He chooses the option of encryption or decryption on his phone, writes or reads his messages on his phone. Encryption and decryption operations are performed from the NFC HSM itself, without exposing keys or secrets to the phone. The same operation is available on computer via a phone-paired web extension and using the NFC HSM.

Why is EviCypher NFC HSM technology secure and reliable?

EviCypher NFC HSM technology is integrated into a hardware security module that stores encrypted secrets, such as encryption keys, in the highly secure NFC eprom memory. It enables to encrypt contactless communications upstream, in post-quantum AES 256, before sending them. It is thus secure and reliable, because it encrypts the data before transmitting them without ever keeping the message in plain text.

How can EviCypher NFC HSM technology protect you from security breaches?

EviCypher NFC HSM technology can protect you from security breaches by encrypting your data and communications in advance in volatile memory before sending them encrypted without ever keeping the message in clear automatically destroyed and replaced by its encrypted version in AES 256 symmetry considered post quantum. Thus, even if there are security flaws the messages and emails and their attachments remain always encrypted. This can be done from an Android NFC phone and/or from the Freemindtronic extension.

This way, you can avoid being exposed to past, present or future security vulnerabilities, since the encryption is done on the device itself, without exposing the keys or secrets to the phone or computer. Even if your phone or computer is compromised by a hacker or a spyware, they cannot access your data or messages in clear text. Only you can decrypt them with your device and your PIN code.

EviCypher NFC HSM technology is an innovative solution that offers a high level of security and privacy for your communication systems. It is developed by Freemindtronic, an Andorran company specialized in NFC security. It is based on EviCore NFC HSM technology, which is a hardware security module that combines hardware encryption and NFC communication protocols.

In conclusion, the EviCypher NFC HSM technology is integrated into a hardware security module that stores encrypted secrets, such as encryption keys, in the highly secure NFC eprom memory. It allows to encrypt contactless communications upstream, in post-quantum AES 256, before sending them. It is thus secure and reliable, because it encrypts the data before transmitting them without ever keeping the message in plain text.

Protect US emails from Chinese hackers with EviCypher NFC HSM?

Protect your emails from Chinese hackers How to protect your emails from Chinese hackers with EviCypher NFC HSM technology

Protect your emails from Chinese hackers by Jacques Gascuel: This article will be updated with any new information on the topic.  

Protéger les e-mails américains contre les pirates chinois avec la technologie HSM NFC EviCypher

Les courriels et les pièces jointes des institutions américaines font l’objet d’une attaque sans précédent qui proviendrait de pirates chinois. Comment la technologie HSM NFC EviCypher d’Andorre, développée par Freemindtronic, peut-elle les chiffrer sans contact et prévenir la corruption ? Dans cet article, vous découvrirez pourquoi les pirates ne peuvent pas lire les emails et leurs pièces jointes qui sont exfiltrés, notamment ceux du gouvernement américain qui utiliserait cette technologie qui stocke physiquement les clés de chiffrement à l’extérieur. Ainsi, seuls les utilisateurs autorisés qui disposent d’un HSM NFC Freemindtronic avec la bonne clé peuvent les déchiffrer.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

How EviCypher NFC HSM technology can protect emails from Chinese hackers

The Chinese hack on US emails: what happened and why it matters

In July 2023, a massive cyberattack targeted email accounts belonging to US government officials, as well as private organizations and universities. The hackers, suspected of being linked to the Chinese government, exploited a vulnerability in Microsoft’s cloud service, called Exchange Server, which allows users to access their emails via the web.

According to Microsoft, the attack affected more than 30,000 organizations in the US and thousands of others around the world. The hackers used a technique called “web shell”, which involves installing malicious software on the compromised servers, giving them remote access to the data and systems of the victims.

Among the victims were the State Department, the Defense Department, the Justice Department, the Energy Department, NASA, FAA, as well as defense companies, NGOs, media and academic institutions. The hackers were able to access the emails and the attachments of the hacked accounts as well as other information stored in their email account such as contacts and calendars.

Microsoft described the attack as “highly sophisticated and targeted” and attributed responsibility to a group named Hafnium which it describes as “a state-sponsored actor backed by China”. The Chinese government denied any involvement and accused Microsoft of “slandering” China.

Microsoft released security patches to fix the vulnerability patches to fix the vulnerability and advised all Exchange Server users to apply them immediately. It also collaborated with US authorities to investigate the incident and help the victims recover from the attack.

The attack raised concerns about the security of cloud computing, which is increasingly used by public and private organizations to store and manage their data. Cloud computing offers benefits such as cost reduction, flexibility and efficiency.

How EviCypher NFC HSM technology could have prevented the Chinese hack on US emails

If you want to protect your emails from Chinese hackers or any other cyber threats, you should consider using EviCypher NFC HSM Technology. It is a technology patented especially in the United States that allows you to store and use your cryptographic keys in a contactless device. It is a simple, efficient and durable solution for securing your data and secrets. In this section, we will explain how EviCypher NFC HSM works, what are its main features and benefits, and how it can help you protect your privacy and security.

What is EviCypher NFC HSM and how does it work?

EviCypher NFC HSM is a technology developed by Freemindtronic, an Andorran company specialized in NFC security. It is based on EviCore NFC HSM, which is a hardware security module that combines hardware encryption and NFC communication protocols to protect your keys and secrets.

With EviCypher NFC HSM, you can store your keys and secrets in a contactless device, such as a card, a sticker or a keychain. The device is powered by the NFC signal of the Android phone. This phone serves as terminal and user interface. The data stored in memory are encrypted contactlessly from the EviCypher NFC HSM application that performs encryption and decryption operations using advanced algorithms, such as AES 256 bits and RSA 4096 bits.

EviCypher NFC HSM also implements anti-cloning and anti-replay mechanisms to prevent unauthorized access or duplication of your secrets. The device has a patented power monitoring and protection device with black box. This device ensures the integrity and availability of the device. The device also has a patented wireless access control system that allows you to define two distinct access profiles: administrator and users, without allowing them to access each other’s secrets without their authorization. The device also has a patented segmented key authentication system that allows you to define up to 9 trust criteria for encrypting your secrets, such as geolocation, BSSID, password or fingerprint.

How EviCypher NFC HSM could have prevented the Chinese hack on US emails?

If the US government had used EviCypher NFC HSM technology with EviCore NFC HSM technology, the Chinese attack would have had no impact. Indeed, even if the hackers had succeeded in exploiting Microsoft Exchange Server’s vulnerability, they would not have been able to access emails and attachments of accounts protected by EviCypher NFC HSM. They would need the corresponding NFC device to decrypt data. Moreover, they would not have been able to clone or replay the NFC signal because EviCypher NFC HSM uses protection techniques against these attacks. Finally, they would not have been able to bypass access control or trust criteria because EviCypher NFC HSM allows you to define custom profiles and parameters for each user.

By using EviCypher NFC HSM, you can encrypt and decrypt your data with your own keys, without relying on any third-party service or provider. You can also use different encryption algorithms, such as AES 256 bits and RSA 4096 bits, to ensure the highest level of security for your data. In addition, you can share and exchange your keys with other users who have EviCypher NFC HSM devices, using secure NFC communication protocols.

How to protect your emails and messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM with different messaging applications, such as:

Webmail services: how to protect your emails and attachments with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your emails and attachments stored in webmail services. For example: Gmail, Yahoo Mail, Proton Mail, Outlook, Roundcube Webmail, HCL Domino Webmail and others. To do this, you need to install the EviCypher Webmail extension on your web browser based on Chromium, such as Chrome. The extension will automatically add buttons to encrypt and decrypt your messages via the NFC device.

Instant messaging services: how to protect your messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your messages sent or received from instant messaging services. For example: WhatsApp, Telegram, Signal, Facebook Messenger, Skype and others. To do this, you need to install the EviCypher IM extension on your web browser based on Chromium, such as Chrome. The extension will automatically add buttons to encrypt and decrypt your messages via the NFC device.

SMS: how to protect your SMS messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your SMS messages sent or received from your Android phone. To do this, you need to install the EviCypher SMS application on your phone. The application will automatically encrypt and decrypt your SMS messages via the NFC device.

Statistics on email attacks against the US

According to a report by Proofpoint, a cybersecurity company, email is the most common vector for cyberattacks against the US. The report states that in 2022, more than 80% of organizations in the US faced at least one email-based attack, such as phishing, malware or ransomware. The report also reveals that the US is the most targeted country by email threats, accounting for 36% of all global attacks. The report also identifies China as one of the top sources of email attacks, along with Russia, Iran and North Korea.

The report also highlights the impact of email attacks on the US economy and security. The report estimates that email attacks cost US organizations more than $20 billion in 2022, due to data breaches, business disruptions, reputational damage and legal fees. The report also warns that email attacks pose a serious threat to the US national security, as they can compromise sensitive information, disrupt critical infrastructure and undermine public trust.

The report recommends that US organizations adopt a comprehensive and proactive approach to email security, which includes:

  • Educating employees on how to recognize and avoid email threats
  • Implementing advanced email security solutions that can detect and block malicious emails
  • Encrypting sensitive data and using strong passwords
  • Backing up data regularly and having a recovery plan in case of an attack
  • Reporting any suspicious or malicious email activity to authorities

What is EviCore HSM OpenPGP and how does it protect your emails from Chinese hackers?

EviCore HSM OpenPGP is a technology that transforms your Android or iPhone into a hardware security module (HSM) for encrypting and storing your cryptographic keys. It leverages the highly secure OpenPGP standard, known for its use by whistleblowers, journalists, activists and privacy advocates.

With EviCore HSM OpenPGP, you can generate and manage your own keys on your phone, without relying on any third-party service or provider. You can also encrypt and decrypt your messages with your own keys, using the EviCypher HSM OpenPGP application that supports various messaging applications, such as email, webmail, SMS, RCS and more.

EviCore HSM OpenPGP also implements anti-cloning and anti-replay mechanisms to prevent unauthorized access or duplication of your keys. The application also has a patented wireless access control system via an NFC HSM EviBadge NFC HSM that allows you to authenticate and encrypt with segmented keys the OpenPGP encryption keys or any other types of keys stored in the phone. It is also possible to add trust criteria that allow you to define up to 7 trust criteria for encrypting messages (email, webmail, SMS, MMS, RCS and others) such as geolocation, BSSID, password, fingerprint, facial recognition, segmented keys between two distinct parties.

By using EviCore HSM OpenPGP, you can protect your emails from Chinese hackers or any other cyber threats. You can also use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.

What are the advantages of EviCore HSM OpenPGP?

EviCore HSM OpenPGP offers several advantages over other encryption solutions, such as:

  • Simplicity: You don’t need any additional hardware or software to use EviCore HSM OpenPGP. You only need your phone and the EviCypher HSM OpenPGP application.
  • Efficiency: You can encrypt and decrypt your messages with a single tap on your phone screen. You don’t need to enter any passwords or codes to access your keys.
  • Durability: You can store your keys securely on your phone memory, export them, import them, back them up on a cloud service or an external storage device. You can also use NFC HSM devices to add other trust criteria with segmented keys stored in the device.
  • Compatibility: You can use EviCore HSM OpenPGP with different messaging applications, such as email, webmail, SMS, RCS and more. You can also use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.
  • Security: You can protect your keys and messages from hackers, malware and physical theft. You can also control who can access your keys and messages by defining access profiles and trust criteria.

How EviCypher HSM Technology is protected by patents

EviCypher HSM technology is protected by several patents issued by various countries, including the US. Some of these patents are:

  • US20210136579: A method for securing data using a contactless device that stores cryptographic keys and performs encryption and decryption operations via NFC communication with an Android phone.
  • US20100188785: A method for protecting a contactless device from cloning or replay attacks by using a power monitoring and protection device with black box that detects any abnormal power consumption or interruption.
  • US20180336335: A method for authenticating a contactless device by using a segmented key authentication system that allows defining up to 9 trust criteria for encrypting secrets, such as geolocation, BSSID, password or fingerprint.

These patents demonstrate the innovation and originality of EviCypher HSM Technology, as well as its compliance with the US intellectual property laws. These patents also provide legal protection for EviCypher NFC HSM Technology and EviCypher HSM OpenPGP against any potential infringement or imitation by competitors.

Conclusion

EviCore HSM OpenPGP is a new technology that allows you to turn your phone into a hardware security module for encrypting and storing your cryptographic keys. It is based on the OpenPGP standard, which is widely used for secure communication and data protection. By using EviCore HSM OpenPGP, you can protect your emails from Chinese hackers or any other cyber threats. You can also use it with different messaging applications, such as email, webmail, SMS, RCS and more. Moreover, you can use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.

We hope this article has helped you understand how EviCore HSM OpenPGP works and what are its advantages. If you are interested in learning more about this technology or ordering your own device, please visit the official website of Freemindtronic, the company that developed it. You can also watch this video that explains how EviCore HSM OpenPGP works and how to use it with different messaging applications.

Thank you for reading this article. We hope you have learned something new and useful about how to protect your emails from Chinese hackers with EviCypher NFC HSM technology. If you have any questions or feedback, please feel free to leave a comment below. We would love to hear from you.

If you enjoyed this article and found it helpful, please share it with your friends and family who might be interested in protecting their emails from Chinese hackers or any other cyber threats. Stay safe and secure with EviCypher NFC HSM technology!

Original source: https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/

EviCypher Story

EviCypher Story video youtube 2016 Cyber Cercle Paris France Genesis of the EviCypher Technology World champion of inventions 2021

EviCypher by Freemindtronic Andorra

EviCypher is, above all, the invention of Jacques Gascuel founder of the Deep Tech Andorrane Freemindtronic SL.

Freemindtronic, isa research and development laboratory specializing in the design and design of Green Tech electronic systems in security and cyber security computing specialized in NFC technology, contactless.

EviCypher® is a brand designating Freemindtronic technology in the field of security and cyber security secrets and their management.
EviCypher’s research and development laboratory is an expert in multi-factor wireless authentication (MFA) access control, which it has several international patents. In addition, Deep Tech also designs electrical protections for computer systems with black box traceability, wireless access control systems, segmented encryption key security systems   and multi-criteria of trust authentication systems.

EviCypher is a technical solution that at the same time guardian of secrets and respect for the environment.

EviCypher technology is one of the implementations of Jacques Gascuel’s invention, which was awarded numerous times for his inventions and innovations internationally in 2017, 2014 and worldwide in 2010 and 2021 at the international invention competition in Geneva, where he received the gold medal.

First, EviCypher’s function is to keep the secrets stored offline for life in its individually protected and secured non-volatile encrypted memory by various criteria of trust and physical access control.

And at the same time, EviCypher significantly reduces attack surfaces to make them impossible when using the secrets stored in connected computer systems and information systems.  

As a result, the second function is cyber deterrence. It has the effect of convincing the potential attacker not to attack EviCypher users. The secrets are kept outsourced connected computer systems involves. In fact, for the attacker, the costs that will result from his remote and/or proximity attack would outweigh the potential benefits he thinks he can derive from it.

Freemindtronic’s research and development laboratory has this expertise in implementing such a high level of security, which it dents the know-how protected by international patents.

EviCyper is mostly a user engineering. Make it extremely easy to use security and cyber security technologies that are becoming more and more complex to implement.

Freemindtronic uses energy recovery via the NFC signal to EviCypher to operate only on demand. In fact, it doesn’t need a battery to run for life.

In the end, EviCypher has through its application many decentralized and individualized cyber security systems. EviCypher do not use server on the internet (serverless) to operate. It can operate without physically isolated contact networks (Air Gap)

the inventor of EviCypher

Inventor Jacques Gascuel moved to the eastern Pyrenees in the Principality of Andorra in 2016. It is in this mountain environment source of inspiration, that he founded Freemindtronic in November 2016. This start-up benefits from know-how protected by international patents. Less than a year after its creation was born a technological innovation named EviAlpha which will be integrated into an NFC device called EviTag®. This is a password and credit card manager. In addition, this product is several times Winner in Innovation in 2017 in Cybersecurity and Embedded System.

Gold Globee Winner 2022 Cyber Computer NFC

Gold Globee Winner 2022 at the Cyber Security Global Excellence Awards Cyber Computer NFC Freemindtronic Andorra


Freemindtronic Wins Globee® Awards in the 2022 Cyber Security Global Excellence Awards®

Freemindtronic named Winner in the Globee Awards 18th Annual Cyber Security Global Excellence Awards®

Escaldes-Engordany, Andorra, – February 24th, 2022 – Freemindtronic announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named the Cyber computer of Freemindtronic a winner in the 18th Annual 2022 Cyber Security Global Excellence Awards®. These prestigious global awards recognize cyber security and information technology vendors with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technologies.

The NFC Cyber ​​Computer with EviCypher technology of Freemindtronic offers a new innovative solution to fight against ransomware, espionage and at the same time secure access to sensitive data and protect secrets physically, offline. The NFC reader integrated into the Cyber ​​computer allows interaction with a secure NFC card, manager of encryption tokens and secrets. Simply insert the NFC card into the reserved slot of the Cyber ​​Computer to perform all the operations. Thus, the secrets are physically isolated from the computer system. This allows contactless encryption and auto-locking of access to internal and external data storage media such as USB, SD, SSD or HD keys. The Cyber ​​Computer is also equipped with an encrypted differential backup system with self-locking and/or self-disconnection for storage via a local or remote network. The Cyber ​​Computer offers an effective solution for contactless encryption of webmail and instant messaging. This device is equipped with a multi-factor authentication (MFA) system. The NFC card is also compatible with an NFC phone via the Freemindtronic EviCypher Application. Thus the user of a Cyber ​​Computer has an eco-system which also secures all his messaging services including SMS and files on his phone.

“We are proud to be recognized as an industry player whose Cyber computer with Freemindtronic EviCypher technology has been named winner by the Globee Awards, in hardware safety and cybersecurity” says said Jacques Gascuel CEO of Freemindtronic Andorra.   “Behind this distinguished success, it is above all the work of a team of enthusiasts in perpetual research and development of new solutions to fight against cybercrime and espionage while defending the individual sovereignty of its data. We believe that this recognition from the Globee Awards further validates our perseverance in always pushing the limits of the impossible to meet the increasingly complex needs of our customers in terms of protecting their computer systems, their information and communications but not only. Human error is also taken into consideration thanks to protected and secure differential backup systems. Above all, the Cyber computer responds advantageously to the need to secure telework as well as work on the move. »  

More than 55 judges from around the world representing a wide range of industry experts participated in the judging process.

Judges | Cyber Security | Cyber Security Global Excellence Awards: https://globeeawards.com/cyber-security-global-excellence-awards/judges/

About the Globee Awards 
Globee Awards are conferred in ten programs and competition: the American Best in Business Awards, Business and Communications Excellence Awards, CEO World Awards®, Cyber Security Global Excellence Awards®, Disruptor Company Awards, Golden Bridge Awards®, Information Technology World Awards®, International Best in Business Awards, Sales, Marketing, & Service Excellence Awards, and Women World Awards®. Learn more about the Globee Awards at https://globeeawards.com

About Freemindtronic
The Andorran company Freemindtronic designs, develops and manufactures internationally patented white label products and services, particularly in the field of safety and cyber security. She is an expert in NFC technology. Jacques Gascuel’s patented EviCypher invention was awarded the 2021 Geneva International Inventions Gold Medal. This Gold Globee® Winner 2022 is a new international recognition of the potential of implementation of this invention in many other domains of hardware security of secrets.

All trademarks are the property of their respective owners.

List winner of the Globee Awards 18th Annual Extract from Freemindtronic’s Cyber Security Global Excellence Awards® 2022

Winners | Cyber Security

We congratulate all the other winners.

We would like to thank the members of the jury in the Cyber Security Global Excellence Awards® for their interest in our latest Greentech innovation EviCypher.

Based on the invention of Jacques GASCUEL, the EviCypher card is a keeper of secrets. It is very easy to use and very efficient for contactless, end-to-end encryption from an NFC hardware security module, sensitive data and in particular emails in Webmail services.

Excerpt from Freemindtronic’s Cyber Security Global Excellence Awards® 2022 virtual ceremony on 27 April 2022

Gold Globee Winner 2022 Cyber Security Global Excellence Awards For Cyber Computer Nfc Evicypher Freemindtronic Andorra




Extract from the Cyber Security Global Excelence 2022 ceremony









Winners will be celebrated and presented their awards in a virtual ceremony attended by the finalists, winners, judges and industry peers from all over the world. Globee awards virtual ceremony more information clic here 













NEWS PROVIDED BY
Cyber Security Global Excellence Awards® 2022
Frebruary 23, 2022
Related Links https://globeeawards.com/cyber-security-global-excellence-awards/winners
Judges | Cyber Security Global Excellence Awards

https://globeeawards.com/cyber-security-global-excellence-awards/judges/




SHARE THIS ARTICLE





E&T Innovation Awards Cybersecurity

E&T Innovation Awards Cybersecurity 2021


Finalists 2021 E&T Innovation Awards Cybersecurity with EviCypher Technology.

The Freemindtronic Andorra R&D team is very honored to nominated as finalist for the 2021 E&T Innovation Awards Cybersecurity.

This award recognises an organisation which is taking proactive steps to counter attacks and take preventative measures to remain one-step ahead of cyber threats.

The Cyber Security Award recognises the creative thinking, engineering, people and projects that are taking on this growing threat for the benefit of the global community. We will reward innovations that have reached the stage where its potential to mitigate risk to organisations, government and individuals has been clearly identified.

Entries can range from security research, to new products or services that help to solve today’s important security challenges.

A shortlist and winner will be selected by our judging panel.

https://eandtinnovationawards.theiet.org/the-awards/shortlist

The finalists Category Cybersecurity

We congratulate all the other finalists.

We would like to thank the members of the jury in the Communications & IT category for their interest in our latest Greentech innovation EviCypher.

Judges https://eandtinnovationawards.theiet.org/categories/cyber-security/

Based on the invention of Jacques GASCUEL, the EviCypher card is a keeper of secrets. It is very easy to use and very efficient for contactless, end-to-end encryption from an NFC hardware security module, sensitive data and in particular emails in Webmail services.

Below is the video of the Awards Ceremony of which Freemindtronic is a finalist.

 










NEWS PROVIDED BY
E&T Innovation Awards 2021
November, 2021
Related Links
https://eandtinnovationawards.theiet.org




SHARE THIS ARTICLE





E&T Innovation Awards Communications & IT

2021 E&T Innovation Awards Freemindtronic Andorra EviCypher Technology finalist Communications & IT


Finalists 2021 E&T Innovation Awards Communications & IT with EviCypher Technology.

The Freemindtronic Andorra R&D team is very honored to nominated as finalist for the 2021 E&T Innovation Awards for Communications & IT.

The E&T Innovation Awards recognise and celebrate the best new innovations in all areas of science, engineering and technology.

Entries can range from research concepts and ideas to technical issues and industrial applications such as dedicated mobile applications and solutions, wearable communication technology, wireless and wireline networking incl. 4G and 5G developments, M2M, IoT, Smart Sensors, infrastructure transformation, business efficiency and the use of big data.

Please consider how you can demonstrate the benefits of your innovation in your entry form. A shortlist and winner will be selected by our judging panel.

https://eandtinnovationawards.theiet.org/the-awards/shortlist

The finalists Category Communications  IT

We congratulate all the other finalists.

We would like to thank the members of the jury in the Communications & IT category for their interest in our latest Greentech innovation EviCypher.

Judges https://eandtinnovationawards.theiet.org/categories/communications-it/

Based on the invention of Jacques GASCUEL, the EviCypher card is a keeper of secrets. It is very easy to use and very efficient for contactless, end-to-end encryption from an NFC hardware security module, sensitive data and in particular emails in Webmail services.

Below is the video of the Awards Ceremony of which Freemindtronic is a finalist.

 










NEWS PROVIDED BY
E&T Innovation Awards 2021
November, 2021
Related Links
https://eandtinnovationawards.theiet.org




SHARE THIS ARTICLE





Geneva International Exhibition of Inventions 2021

Geneva International Exhibition of Inventions 2021 EviCypher HSM Technology Golden Medal Award Andorra Jacques Gascuel

Geneva International Exhibition of Inventions 2021: Celebrating Inventors’ Achievements

In March 2021, the Geneva International Exhibition of Inventions achieved a historic milestone by transitioning to a virtual format, transcending geographical boundaries and bringing together inventors from 25 countries. This global event served as a platform for groundbreaking solutions across various domains. A significant highlight was Andorra’s exceptional performance at the 2021 Geneva Inventions Expo, marking its inaugural appearance in the competition’s 49-year history.

Andorra’s Historic Triumph at the 2021 Geneva Inventions Expo

In a momentous turn of events, Jacques Gascuel, a French expatriate in Andorra, clinched the prestigious Gold Medal in the C category at the Exposition Internationale des Inventions de Genève, making history for Andorra.

Redefining Data Security: The EviCypher HSM Innovation

Gascuel’s invention, the EviCypher HSM, represents a groundbreaking leap in data security and confidentiality. This innovation facilitates secure data exchange while preserving utmost anonymity. At its core lies a state-of-the-art NFC HSM (Near Field Communication Hardware Security Module) enabling the creation, exchange, and secure utilization of encryption keys.

Andorra’s Historic Win 2021 Geneva Inventions Expo: Why It Matters

Andorra’s participation in the Geneva International Exhibition of Inventions holds immense historical importance, considering it had never taken part in this prestigious event since its inception in 1972. This competition stands as the largest annual gathering dedicated solely to invention, featuring participation from over 45 countries. It enjoys substantial support from the Swiss Federal Government, the State of Geneva, the city of Geneva, the World Intellectual Property Organization (WIPO), and the International Federation of Inventors’ Associations (IFIA).

Invention vs. Innovation: What’s the Difference and Why Does It Matter?

Invention and innovation are two different but complementary concepts in technology. According to the OECD, innovation is the implementation of a new or significantly improved product or process, a new marketing method, or a new organizational method. Innovation can be of product, process, marketing, or organization. Innovation aims to create added value, meet user needs, or solve social problems. According to WIPO, invention is a technical solution to a technical problem. An invention can be a product or a process and must be new, inventive, and industrially applicable to be patentable. Invention aims to make an original contribution to the state of the art, exploit scientific opportunities, or overcome technical limitations.

Therefore, it is essential to distinguish between invention and innovation. While innovation often refers to the improvement or refinement of existing concepts or products, invention involves the creation of entirely new solutions or technologies. To participate in such a prestigious event as the Geneva International Exhibition of Inventions, inventors must generally hold a patent or have a revolutionary concept protected by a patent application.

The Different Categories of Inventions at the Geneva International Exhibition of Inventions 2021

Inventions at the 2021 Geneva International Exhibition are classified into various categories based on their nature and application. Common categories include:

Class Category Description
A Mechanics, Engines, Machinery, Tools, Industrial Processes, Metallurgy
B Clocks and Watches, Jewelry, Machinery, Tools
C Computer Sciences, Software, Electronics, Electricity, Communication Methods
D Building, Architecture, Civil Engineering, Construction, Materials, Woodwork
E Sanitation, Ventilation, Heating
F Security, Rescue, Alarm
G Ironmongery, Do-It-Yourself
H Furnishing, Interior Architecture
I Domestic Science, Restaurant Equipment
J Commercial, Industrial, and Office Equipment
K Agriculture, Horticulture, Gardening
L Clothing, Textiles, Machines, and Accessories
M Medicine, Surgery, Hygiene, Orthopedics, Material for the Handicapped
N Optics, Photography, Cinematography
O Teaching Methods and Materials, Musical Instruments, Art Materials
P Transport, Motor Vehicles, Ships, Aviation, Accessories
Q Foodstuffs, Drinks, Cosmetics, Paramedical, Health, Hygiene
R Sport, Leisure
S Practical Novelties, Presents
T Publicity, Printing, Packaging
U Games, Toys
V Protection of the Environment, Energy

These diverse classes encompass a wide spectrum of inventions, from cutting-edge technology to practical everyday solutions. Each class represents a unique field where inventors contribute their creativity and expertise.

As we explore the full list of participants, we’ll witness the remarkable impact of human ingenuity across these categories.

The Diversity of Participating Countries at the Geneva International Exhibition of Inventions 2021

A total of 352 inventors from 25 countries participated in this global celebration of innovation and creativity. Here’s a breakdown of participating countries and their contributions:

Country Number of Participants
Andorra 1
Argentina 1
Canada 1
China 97
Egypt 10
France 5
Hong Kong 32
Iran 18
Malaysia 15
Peru 1
Poland 10
Qatar 4
Romania 2
Russia 5
Saudi Arabia 27
Senegal 1
South Korea 43
Spain 3
Switzerland 3
Taipei (Chinese Taipei) 21
Thailand 46
Ukraine 3
United States of America (USA) 1
Vietnam 1
Yemen 1

The Best Inventions from the 77 Class C Participants at the Geneva International Exhibition of Inventions 2021

They classify the innovations at the 2021 Geneva Fair into various categories based on their nature and application. Common categories include:

1 GASCUEL Jacques ANDORRA C
2 BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS CHINA C
3 CHANGSHA UNIVERSITY OF SCIENCE AND TECHNOLOGY CHINA C, D
4 CHINA UNITED NETWORK COMMUNICATIONS GROUP COMPANY LIMITED CHINA C
5 CHONGQING THREE GORGES UNIVERSITY CHINA C
6 CHUNPENG WANG, YIYANG ZHAI, SHENG SU, SITAN JIANG CHINA C
7 COLLEGE OF ELECTRICAL ENGINEERING (ZHEJIANG UNIVERSITY) CHINA C, P
8 DALIAN UNIVERSITY OF TECHNOLOGY CHINA A, C, D, M, V
9 DEPARTMENT OF ELECTRICAL ENGINEERING, TSINGHUA UNIVERSITY CHINA C
10 FUDAN UNIVERSITY CHINA C, J, M, Q, V
11 GREE ELECTRIC APPLIANCES, INC. OF ZHUHAI CHINA A, C, E, V
12 GUODIAN UNITED POWER TECHNOLOGY COMPANY LTD. CHINA C
13 HARBIN ENGINEERING UNIVERSITY CHINA C
14 HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY CHINA A, C, J, M, Q, V
15 JIUJIANG JUNIOR MIDDLE SCHOOL CHINA C
16 NANJING UNIVERSITY CHINA A, C, M, P, V
17 NORTH CHINA ELECTRIC POWER UNIVERSITY CHINA C
18 NORTH UNIVERSITY OF CHINA CHINA C
19 NORTHEASTERN UNIVERSITY CHINA C
20 QINGDAO HAIER AIR-CONDITIONER GEN. CORP., LTD. CHINA C, E, V
21 SCHOOL OF ELECTRICAL AND INFORMATION ENGINEERING, TIANJIN UNIVERSITY CHINA C
22 SHANGHAI JIAO TONG UNIVERSITY CHINA C, P
23 SICHUAN ENERGY INTERNET RESEARCH INSTITUTE, TSINGHUA UNIVERSITY CHINA C, F, V
24 SOUTHEAST UNIVERSITY CHINA A, C, D, N, P, V
25 STATE GRID CORPORATION OF CHINA CHINA C
26 TSINGHUA UNIVERSITY CHINA A, C, D, K, P, V
27 TSINGHUA UNIVERSITY – JINGBO TAN CHINA C
28 TSINGHUA UNIVERSITY – ZHENG XIAOPING CHINA C
29 XI’AN JIAOTONG UNIVERSITY CHINA C
30 ZHEJIANG UNIVERSITY CHINA C
31 TAIPEI CITY UNIVERSITY OF SCIENCE AND TECHNOLOGY CHINESE TAIPEI C, D, E, F, J, P, R
32 TAIWAN HUIXIN TECHNOLOGY LTD. CO. CHINESE TAIPEI A, C, D, I, N, Q
33 AIVAZAN Inès FRANCE C
34 APPLICATION TECHNOLOGY COMPANY LIMITED HONG KONG C
35 BLUE PIN (HK) LIMITED HONG KONG C, J
36 CITY UNIVERSITY OF HONG KONG HONG KONG C, D, M
37 ELECTRICAL AND MECHANICAL SERVICES DEPARTMENT, THE GOVERNMENT OF THE HKSAR HONG KONG C, D, E, J, S
38 HONG KONG APPLIED SCIENCE AND TECHNOLOGY RESEARCH INSTITUTE (ASTRI) HONG KONG C, N, V
39 HONG KONG BAPTIST UNIVERSITY HONG KONG B, C, M, Q
40 HONG KONG PRODUCTIVITY COUNCIL HONG KONG A, B, C, D, E, F, M, P, R, V
41 INNOSPIRE TECHNOLOGY LIMITED HONG KONG C
42 LOGISTICS AND SUPPLY CHAIN MULTITECH R&D CENTRE (LSCM) HONG KONG C, P
43 THE CHINESE UNIVERSITY OF HONG KONG HONG KONG A, C, M, V
44 MIRKOHI Mohammadamin, MIRKOHI Dorsa IRAN C
45 NIROUMAND Vahid, ABBASZADEH Hamzeh IRAN C
46 SIDHU Manjit Singh MALAYSIA C
47 TIONG Sieh Kiong MALAYSIA C
48 LUBLIN UNIVERSITY OF TECHNOLOGY POLAND C
49 UTP UNIVERSITY OF SCIENCE AND TECHNOLOGY POLAND C
50 AL-RAHIMI Rashed, ZIAD Mohamed QATAR C
51 ABDULLAH Ziyad Ahmed Abdulmatin SAUDI ARABIA C
52 ABORAYA Dalia Refat SAUDI ARABIA C
53 AL-BOGAMI Amjad Salman SAUDI ARABIA C
54 AL-JOHANI Samar Olaythah SAUDI ARABIA C
55 AL-SHEHRI Samia Fayez Mohammed SAUDI ARABIA C
56 ALKHALIFAH Rayan, GHALY Sidi SAUDI ARABIA C
57 ALYAHYA Munirah, ALKHALIFAH Sadeem, ALAYBAN Dalal, ALMUHRIJ Alreem, ALOWISHEQ Areeb SAUDI ARABIA C
58 UNIVERSITY OF TABUK SAUDI ARABIA C
59 ALPHAO CO., LTD. SOUTH KOREA C
60 HWANG Gi Taek SOUTH KOREA C
61 JUNGLEMONSTER SOUTH KOREA C
62 KIM Sung Ryong SOUTH KOREA C
63 LEE Jongho SOUTH KOREA C
64 PARK KiHoon SOUTH KOREA C
65 SEUNGYONG Kim SOUTH KOREA C
66 YOO Cheolyong SOUTH KOREA C
67 ARAMVITH Supavadee, MUHAMMAD Wazir, RUANGSANG Watchara THAILAND C
68 CHUEAMUEANGPHAN Jirachet THAILAND C
69 KETCHAM Mahasak THAILAND C
70 KETCHAM Mahasak THAILAND C
71 KLINHOM Tunchanok, TANGKOCHAREON Thana THAILAND C
72 MANOSNGIAM Ronnakorn THAILAND C
73 PHOTHA Watcharpol THAILAND C
74 SOONTORNPIPIT Pichitpong THAILAND C, F, Q
75 SUDTHONGKHONG Chudanat THAILAND C
76 TUNTISITTHIKORN Oranuch THAILAND C
77 HASSAN Marwan UNITED STATES OF AMERICA C

Table: Outstanding Participants in Class C – Insert Table Here

EviCypher’s Breakthrough Invention in Class C

In the Class C category of the 2021 special edition of the Geneva International Exhibition of Inventions, one invention truly shone. EviCypher, an inventor hailing from the small principality of Andorra, achieved a remarkable feat that garnered the attention of the 82 international experts comprising the jury. These experts represented diverse technical, scientific, industrial, and commercial fields, and they hailed from 25 different countries and regions. The countries and regions included Switzerland, France, Spain, Italy, Germany, the United Kingdom, China, Hong Kong, Japan, South Korea, the United States, Canada, Brazil, India, Iran, Thailand, Malaysia, Singapore, Australia, and New Zealand.

The revolutionary invention of EviCypher HSM, known as EviCypher NFC HSM (Near-Field Communication – Hardware Security Module) based on EviCore NFC HSM technology or EviCypher HSM OpenPGP (Hardware Security Module Open Pretty Good Privacy) based on EviCore HSM OpenPGP technology, won the prestigious gold medal for its revolutionary innovation in the field of highly secure authentication. via segmented keys, without the need for a server or database. What sets EviCypher HSM apart is its unique approach, enabling end-to-end anonymized human-to-human interaction.

EviCypher HSM introduced two remarkable technologies: EviCypher HSM and EviCore HSM, both of which garnered international recognition. These implementations are distinguished by the EviCypher NFC HSM technology, which leverages an individual cryptography NFC HSM device based on NFC. This technology offers a secure means to create, exchange, and utilize encryption keys without the requirement for physical contact.

This exceptional accomplishment not only highlights EviCypher’s ingenuity but also underscores the far-reaching impact and global significance of the inventions showcased at the Geneva International Inventions Fair. EviCypher’s success stands as a testament to the innovative spirit that propels inventors from all corners of the world to participate in this prestigious event—a platform where revolutionary concepts come to life.

The Success Story of Andorra at the Geneva International Exhibition of Inventions 2021

The 2021 Geneva International Exhibition of Inventions also marked a historic moment for Andorra. This tiny European principality made its debut in the competition, a testament to the event’s global appeal. While Andorra is renowned for its picturesque landscapes, it unveiled a new facet—the innovation and creativity of its residents.

Jacques Gascuel, a resident of Andorra, represented his nation on the international stage. His invention, the EviCypher HSM, is a testament to human ingenuity and technological advancement. It introduced the world to cutting-edge data security and authentication solutions, showcasing the transformative power of invention.

Not only did Jacques Gascuel participate, but he also achieved a milestone by securing the prestigious Gold Medal in the C category. This historic win serves as an inspiration to inventors worldwide, proving that innovation knows no boundaries, and even the smallest nations can make significant contributions to the world of invention.

A Recap of the Inventors Showcase 2021 Geneva

This brief highlights the historic significance of the Geneva International Inventions Fair 2021, where an inventor from Andorra won a gold medal for his groundbreaking invention, the EviCypher HSM. It also explains the difference between invention and innovation and the importance of celebrating both.

A Remarkable Event for Invention and Innovation

The 2021 fair in Geneva was historic for many reasons. It displayed revolutionary inventions from around the world. It also marked a turning point for the event and for Andorra. PALEXPO SA organized this event. It praised the spirit of invention and innovation. These are two different but complementary concepts in technology.

Andorra’s First Participation: A Milestone for Inclusion and Creativity

For the Geneva International Exhibition of Inventions, this edition was truly unprecedented. It saw the inaugural participation of an inventor from Andorra, a country better known for the beauty of its landscapes than for its inventions. This milestone welcomed a new nation into the global fraternity of inventors, highlighting the universal appeal of invention and innovation. The inclusion of Andorra underlined the event’s commitment to inclusion and the promotion of creativity, regardless of a nation’s size or importance on the world stage.

Jacques Gascuel’s Gold Medal: A Breakthrough for Data Security and Privacy

This technology uses segmented key authentication, a disruptive innovation that redefines data security, access, confidentiality and individual sovereignty. This technique creates, exchanges and uses contactless secrets, using physical trust factors (authorized geographical area, local network BSSID, telephone identifier and/or barcode and/or password or original biometric elements (fingerprint , facial recognition, DNA, etc.). If a segment is not validated, the secret is physically and digitally unusable. Thus, sensitive data (such as personal, financial, medical, professional, etc.) is protected against any unauthorized access, modification, disclosure or destruction. Jacques Gascuel has shown the spirit and power of invention and innovation, as defined by WIPO. His invention is already used in the United States, China , in South Korea, Europe, Japan and Algeria.

A Message for Inventors Around the World

This historic achievement sets an inspiring example for inventors around the world. It shows that innovation knows no borders and that even the smallest of nations can have a significant impact on the global stage. The Geneva International Inventions Fair 2021 celebrated not only inventors and their creations, but also the collaborative and inclusive spirit of the inventions community. Innovation is the implementation of a new or significantly improved product or process, a new marketing method or a new organizational method, according to the OECD.

A Reminder of Innovation’s Role in Progress

As we reflect on this exceptional event, we are reminded that innovation drives progress and that inventions like the EviCypher HSM are paving the way for a more secure and connected future. It is a testament to the unwavering human spirit and the limitless potential of inventors to shape a better world through their creations. The 2021 Geneva International Exhibition of Inventions stands as a shining example of how innovation can transcend boundaries, bringing nations together in celebration of human creativity and ingenuity.

Conclusion

We look forward to future editions of this prestigious event, where inventors from around the world will continue to push the boundaries of what is possible and redefine the future. To participate in this event, inventors must hold a patent or have filed a patent application for a patentable concept. Therefore, it is essential to distinguish between invention and innovation and to celebrate both.

In the end, it’s not just about winning medals; it’s about changing the world, one invention at a time. And in this endeavor, inventors like Jacques Gascuel are leading the way.





EviCypher Technology NFC hardware wallet encryption key manager password manager gold medal 2021 of the Geneva international inventions secret keeper management by Freemindtronic Andorra


Downloads and more informations:

More information of golden Medal EviCypher NFC HSM click here 
Download list of participants in alphabetical order click here
Download Geneva-Exhibition-Brochure.pdf click hereD
ownload press releases: The following press releases are freely available for download click here



EviCypher A New Way to Keep Secrets and Pass Them On

EviCypher - EviToken Technology Technology A New Way to Keep Secrets and Pass Them On, multiple trust criteria, password, fingerprint, geolocation, BSSID, ID phone, Sharing Contactless Encryption, MFA, secret management by Freemindtronic Andorra


EviToken & EviCypher Technology a new way to keep secrets and pass them on.

EviToken & EviCypher technology to control information privacy is an absolute necessity today, as there are so many cyber malicious acts. We can cite among others acts such as phishing, stalking or ransomware. These so-called “cyber” threats alone represent approximately 75% of the infiltration techniques giving access to your confidential or personal data. All of these techniques have the same approach, which is identity theft. This mechanism allows an individual, or a machine, to impersonate someone or something else. The recipient thus deceived, lifts his natural mistrust to trust this ill-intentioned sender.

    Protection techniques for transmitting confidential or personal data have been around for a very long time, as have signature mechanisms. They are most often based on asymmetric key algorithms, with strong encryption (RSA of 2048 or 4096 bits or even ECDSA). Unfortunately, if the model on which these encryption techniques are based is proven and ensures flawless security, its IT implementation is, for its part, often undermined by man-in-the-middle attacks, or by elevations of law on information systems. These attacks, when identification or decryption relies only on one-factor authentication, allow the theft of encryption keys, and directly compromise the security of your data. To mitigate these threats, two-factor authentication (or 2FA) adds a layer of protection by either obtaining a unique code sent by SMS to your phone number, or by validating a request for it authentication (Google / Facebook), or through the use of authenticators which is increasingly recommended by security specialists.

Why use the EviToken & EviCypher Technology?

                 The purpose of EviToken & EviCypher technology is to secure secrets of different kinds, such as asymmetric keys (RSA), symmetric keys (AES) but also login information, PIN codes, account or bank card identifiers, cryptocurrency private keys, cryptocurrency wallet passphrases, cryptocurrency recovery phrases (SEED), etc. The EviToken & EviCypher secure safe is contained in a simple NFC card, not connected to a computer system. It communicates with the latter, on demand, via a near-field transmission protocol (NFC) which transmits data over an encrypted channel, built by EviToken & EviCypher. Secrets stored in the card are segmented and encrypted to make them physically inaccessible to cybercriminals. The EviToken & EviCypher secure safe is a real natural Air Gap component. Thus, apart from the case of data transmission, the architecture used has: no power supply; no security breach due to an increase in temperature (which makes it immune to malware such as “BitWhisper and Fansmitter”); no emission of sound signals, even those inaudible to the human ear and no emission of light or waves. Finally, to avoid a conflation with smart card-based systems, the support of EviToken & EviCypher technology does not require dedicated physical connection hardware with the digital system, nor does it have an operating system, which makes it insensitive to the introduction of malicious code as on a Java architecture. Like any electronic component, the EviToken & EviCypher secure safe can undergo invasive attacks which consist in using acids to expose the electronic circuit that will then have to be analyzed to try to understand the implementation of the secure secrets in multiple scrambled segments.

If EviToken & EviCypher technology provides security in a secure vault, what about the use of encryption keys to transport secrets over a secure channel?

In the context of two-factor authentication, we consider that you are the only one who can hold the second criterion of trust. This security measure traditionally allows, in case of failure, not to trigger the secure transport of your data. However, this function is not intended to secure the transport, it is the role of the encryption protocol to perform this operation. Thus, if the encryption keys are compromised, the data could be compromised during a listen. Faced with this problem, EviToken & EviCypher directly integrates metadata trust criteria into its encryption keys, in order to secure the encrypted messages during their transport. Thus, even in the event of a compromise of the keys, decryption remains blocked by the trust criteria. With this in mind, why stop at two criteria of trust? In its basic version, EviToken & EviCypher offers nine trust criteria based on the possession of a third-party object, technical components (phone ID, barcode, password, geolocation or BSSID) but also environmental and specific components to the sender, or recipient, to make data compromise even more difficult.

                A simple example, you want to send a confidential message containing your latest invention to a colleague in a hostile environment, with a high probability of compromise. You will therefore add non-digital trust criteria to your encryption key, to ensure its protection in the event of a compromise. The decryption of the message by the AES 256 symmetric key will only be accessible, by the digital tool, once the conditions related to the trust criteria have been met. If we base one of the trust criteria on a geolocation for example, the recipient must not only be in possession of an EviToken & EviCypher card, but also be physically located at the location of geolocation defined in the trust criteria to decrypt the message. This location may be known to the recipient like a convention, but may also not be known. The trust criterion will then be transmitted to him as one of the authentication multi-factors, by SMS / QR Code / Photo or any other means.

If EviToken & EviCypher technology provides security in a secure safe, encryption of messages with trust criteria based on environmental components, technical or not, what about the transmission of keys for use in a space digital connected?

                To secure end-to-end transmissions, several tools, used as gateways, such as smartphones or virtual keyboards, will be crossed.  EviToken & EviCypher then builds encrypted channels, from the first communications between the EviToken & EviCypher card and the first NFC communication gateway, using an AES 128 symmetric pairing key. The latter will be replaced by a 256-bit AES symmetric key, with different trust criteria depending on the user’s choice, when recording a secret. Communication with web browsers is achieved using 256-bit ECC ephemeral keys (X25519), to negotiate exchanges between the smartphone and the browser plugin, to insert website authentication, text decryption, etc. As for the transmission, from the smartphone, of texts, images or encrypted files, the encryption is carried out with a symmetric key AES 256 bits with trust criteria.

Why choose the EviToken & EviCypher technology?

Our goal is to better understand the feasibility of digital malicious acts through a human approach to attacks. Thus, if you do not physically have the EviToken & EviCypher card, or if you do not have access to it with a connection duration long enough to carry out an attack, it will be very difficult to compromise the safe, but it is quite obvious that «to the impossible no one is bound “. “However, this attack requires physical contact, it is no longer possible to hide behind anonymizers. Assuming that the encrypted message is sufficiently protected, with algorithms such as 2048- or 4096-bit RSA or even ECDSA, then it is necessary to look into the protection of the key. Indeed, this protection will remain true as long as the encryption and decryption keys remain secret. History of computer attacks shows certain difficulties in maintaining this assertion. It is therefore necessary to strengthen the protection of the keys, by accepting the compromise of the latter, while protecting the message during its transport. at best for this requirement, non-digital trust criteria, that is to say criteria known, held, observable or understandable by the recipient, are required for the decryption of the message and no longer of the key.

EviToken & EviCypher technology, by adding these trust criteria, changes the current paradigm of access to secrets. Thus, even if a secret, and more particularly a decryption key, were stolen, it could only be used if the trust criteria are met.

Based on the EviToken & EviCypher principle, the new EviCypher technology, which won the 2021 gold medal for international inventions from Geneva, brings new innovations in the creation, management, integration and augmented intelligence linked to the use of trust criteria. A new chapter on this internationally patented invention on segmented key authentication is opening.

About the author

fabrice crasnier cybersecurity university professor in france forensic expert of the court of appeal of toulouse in france and former forensic police officerFabrice Crasnier is the director of Research & Development departement of FREEMINDTRONIC. Freemindtronic, Andorran start-up designs and manufactures tailor-made solutions for its customers in the field of safety and cyber security of information systems and computer systems.

Fabrice is Associate Professor at Paul Sabatier University in Toulouse where he teaches cybercrime phenomena. He is at the origin of the creation of 3 forensic laboratories as head of forensic activities within the french police in Toulouse and within the SCASSI company. He has worked for 27 years in the judicial police, including 17 years following national and international cybercrime investigations. As a judicial expert since 2004 at the Court of Appeal of Toulouse, he has witnessed the delinquent transformation of cyberspace between 2000 and 2017. As a computer engineer, he has understood that the origin of cyberthreats is not always due to a defect in computer tools but more often to a misuse of these tools.

Fabrice can be reached online on LinkedIn: https://www.linkedin.com/in/fabricecrasnier/

For more information, visit the company website at www.freemindtronic.com






Freemindtronic Win Awards 2021 Next-Gen in Crypto Security with EviCypher & EviToken Technologies



Freemindtronic win awards 2021 Most Innovative in Hardware Password Manager with EviCypher & EviToken Technologies



Freemindtronic win awards 2021 Next-Gen in Secrets Management with EviCypher & EviToken Technologies








NEWS PROVIDED BY

Cyber Defense RSA Edition for 2021 
May 18, 2021
Related Link:
https://www.cyberdefensemagazine.com
Source Link:
https://www.cyberdefensemagazine.com/annual-editions/RSA-2021/Cyber-Defense-Magazine-RSA-Edition-for-2021.pdf




SHARE THIS ARTICLE





This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.