Mobile security must overcome significant issues, Mr. Shawki explained. Hardware approaches rely on elements such as a chip in a device. Such solutions are unique to one device, involve multiple parties, and are difficult to keep up to date. They are also expensive, difficult to understand and are slow to implement.
Encryption software is the other common method, but it has its limits, Mr. Shawki said. It is vulnerable on its own and often is a stitched together solution.
MagicCube also brings together different elements, but they work in concert to provide end-to-end security through a software Trusted Execution Environment (sTEE) which combines on-device and cloud components. A secure container is placed inside an app and completely isolated to safely store sensitive data and logic such as cryptokeys, payment tokens and user information. It safeguards mobile and IoT apps from more than 200 threats including cloning, lifting, man-in-the-middle, tampering, spoofing, denial of service, impersonation and repudiation by accessing multiple types and layers of encryption, obfuscation, tokenization, secure transport, and a designed-for-purpose set of countermeasures.
That allows the app to execute business rules which handle secure operations even when a device is offline. The “miniCloud” is the backend appliance which provides Cube security and management. It sits next to the app’s backend and connects with a few APIs. The software builds a complete platform with the best characteristics of a sTEE while also protecting data as it travels between the Cube and miniCloud. An SDK delivers the app component and it is easily integrated with an app requiring a minimum of APIs.
The IoT is a huge opportunity but comes with huge gaps, Mr. Shawki said.
“The typical connected car has seven or eight subsystems like entertainment and key systems. They are becoming smart and their operating systems come with the ability to connect to other objects, but also to hackers.”
Security was often an afterthought in the rush to progress, Mr. Shawki said, and the growth path of mobile payments technology is very similar. Device manufacturers are not chip manufacturers, so enter MagicCube to fill the void to protect data as it transfers between secure locations, a problem exposed by recent issues with eATMs where smartphones are used as identification. Hackers circumvented security and stole funds from customers by compromising the chip and exposing the chain of custody.
“The industry is moving fast, but not enough thought goes into what happens once these things are connected,” Mr. Shawki said.