OLD - altOS Secure Mobile Platform - Public
Download as PPTX, PDF0 likes60 views
CIS Mobile specializes in secure mobility solutions for government clients, leveraging a 65,000 sq. ft. facility and over 150 staff. The company focuses on hardening commercial off-the-shelf devices with patented technology to address the needs of high-threat users, such as military and intelligence personnel. Their platform offers functionalities tailored for high-risk mobile users, including secure data management and specific use cases to prevent data leakage.
OLD - altOS Secure Mobile Platform - Public
- 1. Mission Centered Mobility Platform 10 June 2020 Simon Hartley, CIS Mobile
- 2. CONFIDENTIAL. ALL RIGHTS RESERVED. CIS Mobile CIS Secure Specialist in hardening COTS telecom, computing, and video conferencing devices Government customers across IC, DoD, LE, and Civilian Government 65,000 sq. ft. NSA-Tempest certified production facility, labs, and demo center 150+ Staff in Ashburn, VA 2 decade history CIS Mobile Wholly owned subsidiary of CIS Secure Computing Focused exclusively on FVEY secure mobility Patented technology with $25MM+ invested since 2015 Reference customers in US, Canada, and UK
- 3. Consumer mobile device data exhaust and tracking Vanderbilt study on Google data collection Military fitness tracking NY Times Pentagon and POTUS tracking WhatsApp and Zoom tracking Troops leave behind personal devices “For the agencies that have prohibited personal smartphone use for work, 40% of employees said the guidelines have had little to no impact on their behavior.”
- 4. CONFIDENTIAL. ALL RIGHTS RESERVED. “High threat users” Intel, military, LE, or IG targeted by: Nation states Organized crime Terrorist organizations Mobile users who: Require mobile access to sensitive data / apps Work in secure buildings / sites Work / travel overseas
- 5. CONFIDENTIAL. ALL RIGHTS RESERVED. Sample Use Cases Google Google free Hidden Containers – covert / overseas use Later Secure ModeTrigger Trigger Unrestricted Use Secure Mode Google or no Google Prevent leakage of sensitive data / meta data to third parties Secure Mode – secure sites / missions Google free – limit app store, launcher, and ad ID tracking Multiple containers – many phones to 1 and rapid deployments Public Persona Hidden Container / Private Persona Prevent exfiltration of sensitive data Address different job and security requirements Prevent discovery of sensitive missions, apps, and data Mission Specific Work Personal Unrestricted Use Key use cases
- 6. CONFIDENTIAL. ALL RIGHTS RESERVED. AltOS Components Operating System Android (AOSP) + security enhancements, system services, containers & embedded management Management Server Application, network, and security management, control and monitoring. OTA Update Server Distribution of updates and security patches to altOS and system software Services Maintenance and support, security updates, customization and devices A mobile platform that provides the functionality, control, and trust required for high risk mobile users (AWS or On-Premises)
- 7. CONFIDENTIAL. ALL RIGHTS RESERVED. Supported Devices Smartphones • Pixel 3 and 3 XL • Pixel 3a and 3a XL • Sonim XP8 – Ruggedized
- 8. CONFIDENTIAL. ALL RIGHTS RESERVED. AWS or on-prem management
- 9. Remote worker setup – wired or wireless – mirror / desktop* Google Pixel 3a smartphone Powered USB hub Monitor adapter Mouse Keyboard Network connection
Editor's Notes
- #2: Our Alternative Android OS (altOS) is flashed one time onto standard Google Pixel 3a/3a XL smartphones and hardened Sonim XP8 smartphones then maintained OTA from a web-based console. We offer greater control than consumer-oriented Apple / Android mobile devices while being more affordable, easier to use, and maintain than government only platforms. We focus on these use cases for government communities beyond what regular Apple/Samsung devices do: Combo many devices into one - Multiple secure containers e.g. to support remote working / multiple independent levels of security Secure sites / missions - Controlling modems, cameras, mics, and tracking Covert / OCONUS usage - Hidden containers, anti-forensics, and spoofing Rapid updates / deployments - “Easy button” for scaled on-premises or cloud over-the-air management What do customers see drivers for altOS being? Moving from PCs and desk phones to mobile, to drive productivity Consolidating multiple devices into one, to drive prod Separating different levels of security – personal / unclassified / classified for security Driving actual usage of secure systems rather than defaulting to extremes of a) No mobile or b) Leaky COTS devices everywhere FOUO For Official Use Only SBU Sensitive But Unclassified CUI Controlled Unclassified Information NIPR Non-classified Internet Protocol SIPR Secret Internet Protocol
- #3: FVEY – Five Eyes – US, Canada, UK, Australia, and New Zealand
- #4: digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/ washingtonpost.com/world/the-us-military-reviews-its-rules-as-new-details-of-us-soldiers-and-bases-emerge/2018/01/29/6310d518-050f-11e8-aa61-f3391373867e_story.html techcrunch.com/2019/11/15/los-angeles-juice-jacking-usb/ csoonline.com/article/3448316/cell-phones-dont-belong-in-scifs-says-republican-congressman.html businessinsider.com/nyt-tracked-trump-leaked-location-data-mobile-phone-spying-easy-2019-12 nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html wsj.com/articles/police-tracked-a-terror-suspectuntil-his-phone-went-dark-after-a-facebook-warning-11577996973 https://wsj.com/articles/u-s-military-bans-tiktok-over-ties-to-china-11578090613 https://www.zdnet.com/google-amp/article/us-troops-deploying-to-the-middle-east-told-to-leave-personal-devices-at-home/ https://www.militarytimes.com/flashpoints/2020/01/23/deployed-82nd-airborne-unit-told-to-use-these-encrypted-messaging-apps-on-government-cellphones/ https://www.govexec.com/workforce/2020/03/white-house-calls-maximum-telework-flexibilities-dc-area-employees/163797/ https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ https://www.afcea.org/content/government-mobile-device-use-still-vulnerable
- #7: Single Server Configuration base requirements for a server with all services installed sized to manage up to 1,000 devices. OS: Ubuntu 18.04 LTS x64 (AMD64) Multi Core CPU: minimum 8 cores CPU speed: minimum 2 GHz RAM : 16 GB DISK: minimum 1 TB The database growth rate is approximately 150 MB disk space and 70 MB RAM for each additional 1K devices, the above server configuration should be suitable for deployments up to 5k devices. Protection is three-fold: • Patching — Our altOS platform is based on the Android Open Source Project (AOSP). Any issue is patched by Google, and we pass through the monthly patches to our customers to keep them safe any issues reported. AltOS’ differentiation in the marketplace is not trying to find or respond to security issues faster than Google itself but instead in making the patching process simpler and easier than the traditional process whereby Google releases patches to OEMs, who then release them to carriers, and then to devices, which can mean vulnerability windows of months. • App white / black listing - You can control what apps run on your altOS devices from our management console. You can ensure your users only use apps that you’ve tested and approved to protect against these kinds of malicious attacks. • Optional Mobile Threat Defense (MTD) / Mobile Endpoint Defense tools — We have partnered with Zimperium to test their tools on altOS. We can do the same with other protection products.
- #8: "Google's $399 iPhone Killer” -- www.wired.com/story/google-pixel-3a-io-2019-todays-news/ “Rugged phone you can literally jump on” -- mobilesyrup.com/2019/07/19/sonim-xp8-review/
- #10: Older hardware / OS = mirroring New hardware / OS = desktop experience with multiple windows