SecureCom Mobile s mission is to help people keep their private communication private.

Transcription

1 About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended recipients will have access. We believe that pervasive monitoring of everyone s communication is an attack that should be mitigated where possible. We believe that network operators have no business spying on their customers, or enabling others to do so. We are encrypting the internet and telephonic communications of the common cell phone user and will establish standards that others will follow. We develop open source software designed to make modern cryptography available to, and accessible by ordinary people - for Voice communications, Text communications (SMS), and Messaging communications including large size file attachments as an encrypted messaging and file transport replacement for . SecureCom Mobile developed Voice, Messaging and Texting service that works with all major mobile platforms which is completely secure against mass surveillance. The Company uses strong encryption for the highest security, providing secure voice, messaging, and text communication between users. The Company's software provides complete privacy as all communication contents are encrypted; only the sender and recipient have access to your private communications between devices. Strategic Direction - Build it and they will come We are making our software encrypted communications products available to all modern operating systems: (Windows, ios, Linux, Blackberry, Android), in addition to all hardware platforms. Smartphone Platform Build Out - Apps to work on ALL popular smartphone platforms - Apple ios, Windows, Android,and Blackberry - Company strategy is to encrypt all smartphone platforms for voice, text, and private messaging. This differs from the competition in our space that work on limited platforms and with non-open source code (to confirm no back doors). Any two SecureCom users will be able to converse across all major platforms worldwide. There are nearly 4 billion smartphones already in existence and SecureCom wants them all to have the option of encrypted communications independent of the operating platform they choose. 1

2 Current products SecureCom Text - Encrypted end to end SMS communications with limited file attachments (pictures). Replaces your existing texting app and works in encrypted and unencrypted modes with all your existing contacts and threads. SecureCom Private Messaging - Encrypted end to end private messaging with expanded data attachments. All popular file attachments supported; large file sizes available for transport. Encrypts message and attachments. SecureCom Voice - Encrypted end to end voice communications, worldwide coverage, no long distance charges, also works on wifi. Automatic transfer from/to wifi if available, even while call in progress. Auto callback feature if call dropped due to signal issues. The information environment Encryption provides privacy when properly employed. Cell phone encryption has been sabotaged in several ways: 1. Cellphone privacy features were deliberately designed to be weak. Strong encryption is required to protect private communication. The Global System For Mobile Communication ("GSM") standard specifically mandated a weakened encryption algorithm to enable eavesdropping. In 1990, when GSM was relatively new, only determined and well funded organizations could execute a successful attack. A decade later advances in cryptography and computer technology had reduced the cost of a successful attack so much that an individual could afford the purchase the necessary tools. Today, anyone with a computer, a $30 radio, and time to follow a free step by step tutorial can break it. 2. SIM card encryption is not protecting the communication between two parties. Regardless of encryption strength, in order for cellphone encryption to be effective, it must be used in the correct place. The correct place is in between those who are supposed to have access to the private communication. Instead of placing the encryption in the correct place between the users, cellphone encryption is placed on the phone's SIM card between the user and their wireless network provider, so that wireless network providers are able to eavesdrop. 2

3 3. Cell phone encryption keys are in the hands of outsiders or have been stolen. All encryption utilizes secret keys. It s crucial that only those who are allowed to view the communication possess the secret keys. For GSM cellphone privacy to work as advertised, secret keys must reside only on the customer s mobile phone and in the infrastructure of the wireless service provider. Instead, it is a third party SIM card manufacturer who creates the secret keys; SIM cards are sold to the wireless service provider, which means that right from the start someone who isn t supposed to have access to private communication has the means to eavesdrop on it. The attack by US and British spies to steal SIM card encryption keys has broadened illicit access to your cell phone's SIM card based encryption. These weaknesses, broken encryption, improperly placed encryption, and possession of encryption keys by third parties, constitute backdoor breaches in cellphone privacy. SecureCom Mobile users are protected from the security weaknesses outlined above: SecureCom Mobile products only use strong encryption algorithms. SecureCom encryption is placed between the end users, preventing us, your wireless service provider, and other third parties from reading or listening in on your conversations. SecureCom secret encryption keys are manufactured on your own device, and that s where they stay. We don t get copies, your wireless service provider doesn t get copies, and your wireless service providers' SIM card manufacturer certainly doesn t get copies either. In addition, protocols by design are not reliably encrypted, so SecureCom Messenger fills that gap. How is SecureCom technology different? Encryption isn t new, and there are numerous companies offering encryption products. Communication technology is everywhere. There are billions of devices interconnected through a vast, global network What distinguishes SecureCom Mobile from other suppliers of encryption products is that we use an open source software development model and make our software avail 3

4 able under the GPL The same free software license that Linux, Wordpress, and many other open source works use. What is the advantage of being open sourced? There are several advantages. Ultimately, open source software is more trustworthy than a proprietary equivalent. Open source products give the public effective recourse against attacks. With proprietary software it s very difficult to verify that the software does what it s supposed to do. Open source makes it a lot easier to detect the presence of undesirable features, and even more importantly, open source gives users the power to remove undesirable features by themselves. Is it secure? Yes, to the best of our knowledge it s secure. And if we learn of any vulnerability we will correct it and issue public statements explaining the technical details. Security is a process, and attacks always get better. SecureCom Mobile doesn t design cryptographic algorithms or protocols. As much as possible, we build our services with what we view as the best, well-tested and well-reviewed cryptographic components available. Closed source communication applications like Skype, imessage, BBM (Blackberry Messenger) and many others require you to trust the company that writes the software. They do not open their software to inspection. SecureCom Mobile removes any doubt of back door access by publishing our software code for everyone to easily verify. The technology - Messaging It s asynchronous: The recipient of the message doesn t need to be online when the sender initiates communication,and the protocol still retains important properties below. This is not a trivial thing. Forward Secrecy: Secret keys are discarded, so if there s a long-term key compromise then past communication remains private. 4

5 Deniable: Messages cannot be tampered with in transit, and peers can be sure they re talking to who they think they are and not an imposter, and yet at the same time nobody is left with any proof that a particular person sent any given message. Groups with transcript consistency: All of the above properties apply to groups, plus the added benefit that malicious behaviour in group settings such as trying to send different messages to different group members or reordering messages can be detected. It s always encrypted. Message Auto Deletion: Messages can be deleted on devices automatically at any predetermined length... or not depending on user preference. The technology - Voice Real time communication (e.g.,. Voice, Video, Desktop sharing, etc) is always split into signalling and payload : Custom signalling protocol that is minimal, making it possible to implement securely. Moreover, security part of the original design, not an afterthought as with SIP or XMPP. Payload encryption is setup with ZRTP, which peer to peer, no third party trust. All transmissions are encrypted using 256 bit AES in cipher block chaining mode and using a key randomly generated by your phone at registration. The hash based message authentication code (HMAC) is SHA 256, a very strong and completely secure algorithm that ensures if a message is intercepted it cannot be read. Our voice data is encrypted with 256 bit AES in counter mode. The message authentication code algorithm is SHA1. New keys are generated for each call and destroyed immediately after the call is terminated, eliminating the possibility of retroactive compromise. Based on the very popular Android interface, SecureCom Mobile is simple and straight forward to use. All peer-to-peer calls and texts use an intuitive menu that references your contacts and displays secure communications. You call and text as usual. Non-secure calls or texts to outside devices are prominently displayed as UNSECURE. The Future Product enhancements to our software communications products in the works: 5

6 SecureCom Messaging/Text/Voice - "Independent audit" - Independent Audit Confirms Encryption Software conforms to Open Standards (no back doors). Few people have the expertise or time to verify our published source code. SecureCom Mobile is unique in offering assurance to customers that software updates are trustworthy by partnering with security experts from around the world. Updates must be verified by experts operating at arm s length from SecureCom Mobile before customer devices will allow them to be installed. Coercion by an agency to create a "back door" is impossible as multiple international audits of software versions and updates must conform to publicly disclosed source code. SecureCom Messaging/Text - "Traffic obfuscation" - Patterns of communications can tell someone a lot about the communicator even though communications are encrypted. Even when the content of a message is secured with encryption, metadata such as sender, receiver, timestamp, and message size can compromise privacy. Secure com Mobile defends customers from traffic analysis with onion routing and decoy messages. Who communicates with whom, and when cannot be proven by mobile carriers or SecureCom Mobile Ltd. SecureCom Messaging/Text - "Message changing" - Currently, texts and s have locked forever the statements made by users by creating a formal record on source and destination devices. What if the program was designed to allow the source and target users to change the information in messages at both source and target after it was sent or received? The transmitted data is protected in transit as it is encrypted. It is only decrypted on source and target devices. If the message contents was editable on those source and target devices by design, then what is "real" is no longer something you need to protect in unencrypted form, because either source or target user of the information could change it. How big is the potential market? It s basic human nature to seek privacy. We re in the business of providing privacy solutions for the information age. Our aim is more than smart phones; it encompasses Internet communications, replacement of , voice communications on all operating systems, and all hardware platforms. SecureCom - the new standard in encrypted communications. Forward-Looking Information: This document may include forward-looking information within the meaning of Canadian securities legislation, concerning the business of SecureCom. Forward-looking information is based on certain key expectations and assumptions made by the management of SecureCom, including future plans for the research and development of digital products. Although Se- 6

7 curecom believes that the expectations and assumptions on which such forward-looking information is based are reasonable, undue reliance should not be placed on the forward-looking information because SecureCom can give no assurance that they will prove to be correct. Forward-looking statements contained in this document are made as of the date of this document. SecureCom disclaims any intent or obligation to update publicly any forward-looking information, whether as a result of new information, future events or results or otherwise, other than as required by applicable securities laws. Forward-looking statements are often identified by terms such as will, may, should, anticipate, expects and similar expressions. All statements other than statements of historical fact, included in this document are forward-looking statements that involve risks and uncertainties. There can be no assurance that such statements will prove to be accurate and actual results and future events could differ materially from those anticipated in such statements. Important factors that could cause actual results to differ materially from the Company s expectations include the failure to satisfy the conditions of the Canadian Securities Exchange and other risks detailed from time to time in the filings made by the Company with securities regulations. The reader is cautioned that assumptions used in the preparation of any forward-looking information may prove to be incorrect. Events or circumstances may cause actual results to differ materially from those predicted, as a result of numerous known and unknown risks, uncertainties, and other factors, many of which are beyond the control of the Company. The reader is cautioned not to place undue reliance on any forward-looking information. Forward-looking statements contained in this document are expressly qualified by this cautionary statement. 7