Imagine if a year’s worth of your phone activity were exposed to the world.  All of your web browsing history, texts, messages sent on so-called “encrypted messaging apps”, videos, photos suddenly exposed for the world to see.

Pretty scary, isn’t it?

Well, that’s exactly what happened to tech titan, Jeff Bezos, in May 2018.

On May 1, 2018, Jeff Bezos and Saudi Crown Prince Mohammed bin Salman (MBS) exchanged WhatsApp messages.  The message that MBS sent to Bezos contained a malicious file that infiltrated Bezos’ entire phone without his knowledge.

For the next eight months, Bezos conducted business and personal affairs (including his then-secret extramarital affair with Lauren Sanchez) on his compromised phone, not realizing that massive amounts of data were being extracted from his phone – to include scandalous photos and messages between himself and Sanchez.

There’s also a great amount of other compromised data from Bezos’ phone that the Saudis are privy to of which the public is unaware.

Many people use messaging apps like WhatsApp, Signal, Wickr, etc. which are marketed as secure or encrypted, but they do not protect any aspect of your communications if your phone is already hacked, such as in the case of Bezos.

In fact, users of these messaging apps operate with a false sense of security because the apps are marketed as encrypted.  However, if your phone’s security is breached, any “secure” messages and calls sent on these apps can be intercepted including who sent the message or call and who received it.

Additionally, many of these encrypted messaging apps are owned by big tech companies.  So, while these apps use end-to-end encryption (on an uncompromised phone), this form of encryption only protects the contents of messages or calls, but not key identifying attributes of the messages or calls.  It also does not protect you from spyware or malware.

Despite common misconceptions, these applications are not truly anonymous, requiring users to sign up using a phone number that can easily be traced back to them.  Among other concerns, this has huge implications to a user’s physical security.

Opportunistic criminals and foreign governments regularly attempt to access users’ personal data to steal their identities, access and empty bank accounts, and hold users’ data for ransom.  Many of these attacks are not hardcore hacks but are quite simple and take advantage of a user’s own behaviors.

Phishing attacks are simple attacks involve sending users normal-looking text messages, emails, images, or ads with a malicious link disguised as a trusted website.  When the unsuspecting user clicks on this infected link, it infects their phone with malware.

Oftentimes, you won’t know that your phone has been infected with malware and depending on the type of malware itself it can access just about anything on your phone.  It can even access your personal information and send it to hackers overseas to drain your bank accounts.

If you’re in the habit of signing into public WiFi networks and you’re at all concerned about your privacy, then this is a habit to immediately break.

Criminals and foreign government agencies, often hack into public WiFi found at coffee shops, hotels and airports, allowing them access to the online activity, passwords, files, and emails of everyone logged into that WiFi network.

Keeping communications and privacy safe requires two things: using a phone that is protected from compromise down to the hardware level and strong personal security habits and hygiene.  A secure phone can protect you from attacks while also helping you adopt new cyber security habits and behaviors.

A secure phone is a specially modified phone that protects a user’s data in a myriad of ways.

For one, it will limit the types of apps and software that can be installed on the device.  That’s because each time an app is installed on a phone, it introduces all the vulnerabilities that the app brings with it in its base code, updates, and code patches.

So, that means that common apps like Facebook, Instagram, WhatsApp, Twitter, etc. won’t be installed.  It also extends to many other utility applications that are commonly installed on your phone like Waze, Venmo, and many others.

That very fact may make a secure phone a non-starter option for some — but for those who are serious about their information security and physical security, it is a must.*

Secure phones should also regularly deploy security patches quickly to repair firmware and software vulnerabilities, as well as proactively identify and isolate malicious software.  These patches should be pushed through a secure, controlled pipeline versus through an app store.

Voice calls and message contents are particularly vulnerable to compromise in transit across the internet and must be encrypted using end-to-end encryption.

To protect key identifying attributes about these calls and messages, the additional layer of a Virtual Private Network (VPN) should be used, and a good secure phone will include this feature.  VPNs form an impenetrable tunnel that protects both the contents of the call or message itself and its key identifying attributes.

All files, photos, and messages stored on a secure phone must also be automatically encrypted.

Additionally, mobile devices must have their firmware programmed to allow the user to completely disable the phone’s internal radios (i.e., cellular, WiFi, Bluetooth, NFC, and GPS). These internal radios are programmed to “leak” data to advertisers and government agencies, even when that connection appears to be completely switched off or the phone is in airplane mode.

An important security measure for a truly secure phone is the ability to identify and isolate malware as soon as it is introduced.

And as a last resort, the phone should have a self-destruct option. While it may seem like an exaggerated feature in spy flick, a secure phone provides the user the ability to wipe the device in the event of compromise.  This should be triggered by a user-initiated sequence through a duress code or initiated by a remote administrator.

Had Jeff Bezos utilized a secure phone, the 2018 malware attack on his phone would have never been successful.

This is why elite security operatives and agencies use secure phones and other secure communications devices instead of regular off-the-shelf smartphones. This is especially true for high-threat protection operations.

At Hyperion, our agents utilize specialized secure phones which we also recommend to clients. This is particularly necessary when the client is a corporate executive, political leader, high net worth individual, or an individual or team traveling to a high cyber threat environment like Mexico, Iran, Russia, China, Taiwan, Saudi Arabia, etc. and needs an untraceable phone.

Hyperion uses custom secure phones that are designed by elite former cyber security professionals from the NSA and are manufactured in the US with a trusted supply chain.

The most secure phone you can buy is easier to use and more affordable than you think.  For $1,500 per month, you can get a secure phone with unlimited global calling and data that allows you to securely communicate with others and to protect your personal data from criminals, big tech companies, governments, and the rest of the internet.

Additionally, every phone comes with 24/7 access to Hyperion’s security advisors, on-call technical support, and secure courier of the phone by a Hyperion security agent, to any location in the world, at no additional cost.

Protecting corporate and personal data on your phone requires robust, layered security measures. Secure messaging apps are rife with vulnerabilities and only build a false sense of security, often putting users at greater risk of compromising sensitive information.

If you’re serious about your personal privacy and physical security when traveling, protect your communications and your data with a secure phone.  To find out more about the secure phones that we use at Hyperion, visit our information page or talk to one of our security advisors for a demo.**