Communication Security vulnerabilities

Commonplace vulnerabilities and the solution by PTechnology

While business communication used to take place mainly in a more secure, managed environment, this has changed rapidly with the proliferation of remote working. Collaboration and discussions are digitized, but the digital services and tools used may not have adequate security capabilities and IT support.
With the increase of vulnerable devices and networks, not surprisingly, the volume and efficiency of cybercrime like IP theft and eavesdropping are drastically increased.
PTechnology offers a secure communication solution to protect your calls and messages from cybercriminals, industrial espionage or hostile foreign government surveillance even using your existing smartphone.

Why would anyone monitor my conversation?


Why would anyone monitor my conversation?

Cybercrime has grown into a huge business, the industry estimating the damage to be $ 6 trillion by 2021.

Being a victim of a cyber attack is not the large enterprises' privilege anymore: in a three year period, almost every business and individual is a victim of an attempted cyberattack in developed countries - as a business, for industrial espionage or foreign government surveillance, as an individual, for identity theft or your vaccine passport, for example.

Who are there behind the cyber attacks?

  • Cyber criminal individuals and organisations, interested in making money through fraud or from the sale of collected information.
  • Industry competitors and foreign intelligence services interested in gaining economic advantage for their companies or countries.
  • Hackers who find hacking into systems as an enjoyable challenge.
  • Hacktivist, who attack companies for political or ideological motives
  • Employees or those who have legitimate access, either by an accidental or deliberate misuse of power.

What does a targeted attack look like?

Cybercriminals map the communication habits, tools and platforms used by the target company or person. Based on the information gathered, they identify the most vulnerable parts of the communication and then develop an action plan to achieve their goals.

Making a call from an unprotected smartphone or over an improperly configured home office network can suffice, and communication data becomes traceable and observable without the victim's knowledge.

Solution: PTechnology Shielded Ecosystem

An isolated, entirely closed, secure communication network—non-Peer-To-Peer connection, where the globally deployed communication servers protect your calls. The transferred data is encrypted with strings of our unique cryptography methods. There are no backdoors, no encryption gaps in the system.

There is no point to hack the servers, there are nothing to steal there. No communication data, messaging, sent file is recorded, saved, or stored on the server. No device usage or communication logs are in the system.

Common communication security vulnerabilities


Mobile devices and communication platforms have become particularly important in recent years, especially in the world of remote work, caused by a pandemic. Even companies have a good chance of securing the necessary and sufficient solution to protect their PCs, the protection of communications and mobile devices is often immature.

While many businesses are still using the traditional unencrypted, insecure analogue or ISDN phone lines, those solutions will be phased out in a couple of years (UK: 2024, USA: 2025) and switched by the internet-based communication technology (VoIP/VoLTE).

The new telecommunication technology could be more capable of protecting the conversations; still, the service providers prefer to satisfy the convenience demands of their users rather than keep their communication safe.

Encrypted Peer-To-Peer connection is far not enough secure, even it seems and sounds still a good marketing slogan.

In the following, for a better understanding, we present the schematics of a phone call, with a few examples of weak links and vulnerabilities in it that are just the tip of the iceberg.

Distinguished communication steps: the Sender device (1), the Local network (2), the Communication network (3), the Receiver local network (4) and the Receiver device (5).

Common vulnerabilities of end-user devices (1)(5)

Operating System or Firmware Vulnerabilities

Security threats to the operating system and firmware are hazardous because attackers can gain higher-level permissions than normal application access levels. A relevant example is the Pegasus spyware, used by hostile governments, which can activate the phone’s camera and microphone on both iOS and Android devices, without any detectable sign.

Pegasus eavesdrops on conversations around the device, tracks the victims movements, and access even end-to-end encrypted messages.

Smartphone Application Vulnerabilities

Many Android and iOS productivity and business apps are published with vulnerabilities. App-dedicated cybercrime groups constantly monitor these security issues, which they document and sell on the dark web in exchange for a few dollars worth of cryptocurrency. The attack teams purchase the relevant ones, and launch targeted attacks against the aimed devices.

In case of success, they can monitor and read the sent and received messages, documents, as well as calls.

Human errors: postponed security updates

It can take days between the identification of the vulnerability and the patch to be released, during which time the device is exposed to a well-known security risk.

In the case of landline devices, a widespread problem is the lack of security firmware updates because of the end of their lifetime.

Human errors: poor password habits

Using a weak password is surprisingly popular, one of the most common cybersecurity mistakes still.

In 2020, more than 100,000,000 compromised account's password was '123456', '123456789' came in second with 46,027,530, followed by '12345' with 32,955,431. Beautiful.


Common vulnerabilities of local network infrastructure (2)(4)

WPA2 Krack Vulnerability

Basically, every WPA2-PSK WiFi network without a proper VPN service is vulnerable to the Key Reinstallation Attack. It can be exploited in a “man-in-the-middle” attack; as a result, the sensitive data you send on the network will be virtually unencrypted and readable for the attacker, from communications data to messages, bank credentials and so on.

Weak Wi-Fi password

Decrypting a 12-character long password that includes various characters can take years, while brute-forcing a simple 5-character long WPA2 password takes only a few minutes. It is important to note that the password decryption process does not need to check the guesses by connecting the router.

Weak network configuration

Same SSID and password combination for years. Unused but not disabled remote management and remote printing features. Not disabled USB and other connectivity options. No MAC address filtering. Enabling vulnerable network discovery or DLNA services. Using DynDNS without proper firewall settings - to mention just a few examples of commonplace mistakes.

Lack of network zones

Not using Demilitarized Zones (DMZ) is a considerable risk, especially with using the service-provider provided default network devices at home. Well-known previous generation IoT devices like Smart TVs, wireless fire alarms, or intercom systems can easily be access point to infect the devices on the network.


Common vulnerabilities of communication network (3)

Outdated communication networks/technology

Classic PSTN and ISDN telephone lines as well as SMS/MMS messages do not have the necessary encryption, so the intercepted communication remains interpretable. Virtually by touching the cord of a handset to the appropriate fuse box, you can listen to the conversation.

Man-In-The-Middle attacks

Especially in the case of international calls, the communication data reaches the targeted device via the complex network systems of several service providers, sometimes touching the servers of the local authorities. In many cases, it is enough to find only one vulnerable point in the network that can be compromised, and the calls become audible to the attacker.

Saved communication by the provider

Depending on the local authorities, the phone carriers record your text messages and your calls. The digital collaboration and communication platforms stepped up one, and they do not just store, but even analyse, use and sometimes sell your communication data.

Data breaches of the service provider

Hundreds of millions of our personally identifiable information go to the dark web every year due to data breaches. Example: A major telecom company that partners with AT&T and Verizon said hackers had access to its system for over 5 years, exposing billions of texts


The solution: PTechnology Shielded Ecosystem


Although our communication solution is extremely complex from data network and cryptographic perspective, it is based on our three principles:

Globally deployed, multiple-encoded communication servers, connected by dedicated lines.

Instead of using the unprotected Peer-To-Peer transfer method, the communication data are transferred by our globally deployed servers with outstanding cryptographic computing capacity.

An entirely closed, invisible communication network with its own 7-digit phone numbers.

The closed communication ecosystem is not visible to the outside world at all. It is only possible to connect from a device with PTechnology cryptographic algorithms.

No communication data and system usage log is generated on the servers. No sync, no backups.

It is both interests: without storing any personal and communication data, we do have to protect nothing. As a result, there is no point to hack our system.

The communication inside PTechnology Shielded Ecosystem looks like this:

PTechnology Shielded Ecosystem: the Sender device (1), the Connection (2) to the PTechnology Server Infrastructure (3), the Connection (4) to the Receiver device (5).

Secure sender and receiver end-user clients

Closed system, no integration points or APIs

Both PPcrypt, NonPry and NPconf software run within an isolated environment of the given landline or smartphone devices to protect the encoding and cryptography methods. To maintain the integrity of the entire system, there are no universal APIs or other connection points for data input or output.

Completely different credentials, 2FA login

The client cannot use any Personally Identifiable Information (PII) to authenticate the device and software on the servers; the credentials are unique, the combination of the inside account number and your chosen password. With two-factor authentication, password-related human errors possibility is minimised.

No data backups or server-based databases

Data and information on the client, such as call logs, sent and received messages, are not synchronized or backed up to the server. This is an intentional feature for cyber security reasons.

Designed for secure communication

All functions of all devices are designed in such a way that they do not give room for compromise of communication security and the parties' data privacy. For that reason, there are no stickers or read recipients in the system, for example.


Secure connection between clients and servers

Connection to the nearest server

Instead of trusting the absolutely unknown phone carrier mixture owned servers and network infrastructure like the solutions using P2P method, in PTechnology Shielded Ecosystem, the communication data is transferred by our own military+ grade secure and global infrastructure. the cryptographic processes, the end-user devices send the encoded communication data directly to the closest server.

Untraceable VPN+TOR-like channels

Communication between the PTechnology server and the client is via a specially protected and highly secure channel, most similar to a combination of the features of an on-premises VPN system and the ONION network behind the TOR browser.

Man-In-The-Middle attack detection

The strong encryption mechanism prevents the low-skilled attackers to brute-force their way into the communication channels and begin man-in-the-middle attacking. However, to maximize security, if necessary, the self-defense system activates itself and disconnects the line as well as the server-client connection.

Multi-level encrypted data transfer

For the sake of example: NonPry uses SDES - RFC 4568 for Media Streams and is a way to negotiate the key for SRTP/ZRTP. The keys are transported in the SDP attachment of a SIP message using TLS transport layer and other methods like S/MIME.


Secure communication infrastructure

Globally deployed communication servers

To make communication more secure, hundreds of PTechnology servers around the world are waiting for local clients to connect. Antarctica is the only continent where we do not have servers, but with internet access or a satellite phone, duplex communication works perfectly there as well.

Dedicated, high bandwidth secured network

Communication between PTechnology servers takes place over a very high level of dedicated lines with complete protection, even for overseas servers. Thanks to the ample bandwidth, international calls between two distant parts of the world are also in HD quality and have as low a delay as a local call.

No data or logs in the system, only data transfer

The primary and sole function of communications servers is to trace and securely transmit audio and video calls, text and voice messages, documents, sensitive images, and videos between clients. Not even we see event logs ourselves, as they are not intentionally made.

Closed system, no integration points or APIs

One of the most important components of PTechnology Shielded Ecosystem security is its complete enclosure, which is due to the complete impenetrability of end-user client devices and software, server-to-client connections, and server-to-server connections. There is no way to connect external systems that would jeopardize our Security and Data Privacy principles.


PTechnology versus other service providers


PTech. to PTech.

PTech. to Regular

Regular to Regular

In summary Inside PTechnology Shielded Ecosystem, the communication is safe, protected, unsaved, unstored, and entirely free. No one can intercept your calls. Your privacy is protected, if you do not use outgoing ID, except if the listeners are using voice recognition. Your calls are unsecure, tappable, your contact network is traceable and easily visualisable. Avoid sensitive calls, especially if you are a priority person.
Connection security Protected, untappable, multi-layered channel and data encryption, including SRTP/ZRTP-TLS PTechnology: secure until public ecosystem
Regular providers: tappable + backdoors
Notoriously vulnerable, easily hackable, interceptable, especially the GSM communication.
Communication and call logs No call logs generated: in the system, no data are saved or stored. PTechnology: no data saved or stored
Regular providers: save and stored
Logs of calls and messaging are created, stored, and bound to your personal and financial data. Every of your calls and messages are tracable.
Personal and financial data No financial data are stored, and we only need an email address during a registration, which is not bound to any communication data. PTechnology: not saved or bound
Regular providers: saved, stored, bound
Regular providers collect, save, store and process every data in their big data systems. A hostile government can request for your profile easily.
Local calls Completely free and limitless Very low call rates According to current rates
International calls Completely free and limitless Very low call rates Expensive international call rates
Roaming fee No roaming fees No roaming fees, our system is global It depends on the concrete country, but usually, yes.
International conference calls - between 3 continents Completely free, protected, untappable and untraceable with crystal clear HD audio quality. Because of the public network, the call is traceable, tappable, the sound quality is worst, and the call is not free. In case of international businesses, 99% probability that someone is following your calls. The sound quality is poor, and the call is expensive.

Only three steps to start


1

Create your account

Choose a user name, and a password for your client admin.

2

Purchase a licence and the add-ons

Your NonPry is ready to use, while your PPcrypt devices arrive in 5 days.

3

Plug in your PPcrypt phone and log-in with NonPry,

And you are ready to make your first protected calls from your 7-digit PTechnology Phone Number!

No commitment period, free NonPry / PPcrypt calls worldwide

Do you have any question?
Our customer service team is at your disposal!


United Kingdom

+44 7418 357986

support.uk@ptechnology.info

United States

+1 (707) 8199311

support.us@ptechnology.info

Mexico

+52 (55) 85261818

support.mx@ptechnology.info

Client service line

2345678 - from PTechnology network

support@ptechnology.info