Mostly Non-Technical Answers To Frequently Asked Questions About MobileTrust
MobileTrust is an advanced security app for Android and Apple mobile devices, with the following features:
The Secure Keyboard encrypts keystrokes as they are tapped in all apps and browsers. All data entered as keystrokes, including login information and online transactions, are protected from keylogging.
The Password Vault can be used to create and store login credentials in an encrypted database for websites, networks, and cloud services.
The Secure Browser is designed to prevent malware/adware/spyware extensions, and to provide secure online access including logins to financial sites.
The Strong Password Generator enables users to create hard-to-crack passwords.
One-Time Passwords has a One-Time Password (OTP) Generator used for Two-Factor Authentication to verify that you are who you say you are when you log in to a website, network, or cloud service. Having the correct login information is not enough. It can be stolen.
The OTP Generator creates a password that is valid for only one login session or transaction. Its purpose is to make it more difficult to gain unauthorized access to restricted resources, like a bank account or a database with sensitive information. User names and passwords that do not change can be accessed more easily by an intruder given enough attempts and time.
Important: The owner of the login page determines which forms of verification are used for authentication, not the owner of the mobile device or computer. We will support One-Time Passwords, including OATH and ProtectID Authentication, as needed. Please report instances requiring OATH or ProtectID authentication to TICKETED SUPPORT, and we will evaluate the login page and assist you with the login using MobileTrust.
An encrypted database is used to store any information that is entered into the features described above, such as the Password Vault.
Encryption transforms data (referred to as plaintext) into a different format (usually random characters) from the original so that only authorized people can read it. Encryption makes data unreadable until it is decrypted or unscrambled, using a unique encryption key (a secret mathematical formula). This can be compared to a sophisticated lock mechanism that requires a unique key to open it.
MobileTrust - Keystroke Encryption is implemented through the Secure Keyboard, which encrypts keystrokes upon entry to prevent keylogging theft. An encrypted back-end database is used for data storage on the device.
For a description of what MobileTrust claims to do, read the CLAIMS section in Patent US8566608 B2.
In a BRIEF SUMMARY OF THE INVENTION, the patent states: "The present invention foils a keylogger by a novel way—creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component (a Browser Helper Object) that decrypts the keystroke before it is sent to the website. Thus, the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers."
If you have any questions or issues with the MobileTrust Setup/Installation, please CONTACT SUPPORT.
Current MobileTrust subscription
Mobile device with one of the following operating systems:
- Google/Android: v.4.0 or higher
- Apple/IOS: v.6.0 or higher
The MobileTrust Setup has two parts:
MobileTrust License Activation
Download and Installation
MobileTrust License Activation
Upon purchase of a MobileTrust subscription, you will receive an email containing instructions for MobileTrust License Activation and how to create an online MobileTrust License Profile in Strikeforce's 'Scloud Portal'. Strikeforce is the developer of MobileTrust.
i. Read the MobileTrust Activation email carefully and locate your Activation Key: xxxx-xxxx-xxxx-xxxx-xxxx, and save or record it.
ii. Register your email address in the 'Scloud Portal' at https://sft.oobauth.net/SCEnroll
Your email address will be used as login username for MobileTrust.
After registering your email address in the Scloud Portal, you will receive a second email with further instructions.
iii. Complete the creation of your License Profile.
You will receive a second email asking you to log in to the Scloud Portal to confirm your email username and to set a password, in order to complete your License Profile. The login credentials will be needed in the later stage of the installation.
The default name of your License Profile will be your email address.
Rename your MobileTrust License Profile.
Log in to the Scloud Portal at https://h8s3.oobauth.net/scloud to view your License Profile and to rename it if you choose. The username will remain the same.
Download and Installation
Allow for slight variation in the MobileTrust installation and configuration depending on the mobile device model and operating system version.
In your mobile device browser, click on one of the following links to download and install MobileTrust, depending on your operating system.
Apple/IOS installations may require that you log in to ITUNES on your mobile device before you can access and download MobileTrust.
i. After MobileTrust has been installed, it will automatically launch. The following splash screen will appear:
Figure A. Splash Screen
ii. The next screen will prompt you to enable the MobileTrust – Secure Keyboard on your device.
Figure B. Enable Secure Keyboard
Once the Secure Keyboard is enabled, tap 'OK' to view the Login screen.
Log in to MobileTrust and set the Secure Keyboard as the default keyboard:
Figure C. Login Screen
i. Enter Login information in the following fields:
Enter the email address that you registered when purchasing a MobileTrust subscription.
Enter the password that you registered when purchasing a MobileTrust subscription.
Before logging in, check the login option, 'Keep me logged in'. This will enable you to use the MobileTrust - Secure Keyboard in other apps besides MobileTrust.
When you log in to MobileTrust, a License Profile screen may appear. It will require attention before the login can be completed.
If you are unable to select a profile in the License Profile screen, then proceed to the detailed SETUP in the Tasks section of the Keylogging Ontology.
ii. After logging in, select the SETTINGS menu item, then set the option: STAY LOGGED IN: YES
iii. Confirm that the Secure Keyboard is the default keyboard throughout the device.
Without exiting or logging out of MobileTrust, switch to the Settings App to view the keyboard settings.
Secure Keyboard Settings - Apple/IOS:
Tap on the SETTINGS App > GENERAL > KEYBOARDS, then tap on ADD NEW KEYBOARD. Select SECURE KEYBOARD - MOBILETRUST - (United States) English.
Figure D. Apple/IOS - Settings App: Add New Keyboard
To enable the MobileTrust - Secure Keyboard as the default keyboard throughout the device, select 'MobileTrust' in the settings.
Secure Keyboard settings - Google/Android:
Tap on the SETTINGS App > LANGUAGE & INPUT > CURRENT KEYBOARD. Select English (United States) - MOBILETRUST.
Make the MobileTrust Secure Keyboard appear in the apps and browsers throughout your device.
Switch to another app or browser, and make the Secure Keyboard appear. E.g., tap in the URL of a browser. Then tap on a small keyboard icon or button at the top right or bottom of the screen to make the SECURE KEYBOARD label appear.
Switch to another app or browser, and make the Secure Keyboard appear. E.g., tap in the URL of a browser. Then tap on the globe at the bottom of the screen, then tap on the ABC key to make the SECURE KEYBOARD label appear.
Figure E. Secure Keyboard
Password protect your device and enable auto-lock.
Choose the strongest password that your device will support.
Consider using an image that provides contact information in case someone finds your device. For example, for Apple products, "If Found Lock Screen".
Enable a remote wipe feature, if available for your device. This may include features that will delete stored data on your mobile device if a password is entered incorrectly after a certain number of tries. Check with your mobile device provider for information concerning this feature on your device.
Make sure all operating system and application updates and patches are installed.
Report lost, stolen, or misplaced mobile devices to the police immediately.
Disable wireless access, including Bluetooth or Wi-Fi, etc. when not in use to prevent unauthorized wireless access.
Mobile device operating systems typically record keystrokes to help in auto-completion. These keystrokes are stored in databases that can be accessed by rogue applications.
Antiviruses and firewalls are absent by default in mobile device operating systems.
Public Wi-Fi is sometimes the only means of communication that mobile devices have for internet access. Public Wi-Fi does not require authentication to establish a shared network connection. An unsecured Wi-Fi connection can be used to distribute malware to all devices on the shared connection. The most serious threat in an unsecured public Wi-Fi is the ability for the intruder to position himself between the device and the connection point. Instead of reaching the connection point or hotspot directly, the information is intercepted by the intruder.
Bluetooth is a wireless technology for exchanging data over short distances, and is commonly found in mobile devices. It is particularly susceptible to a wide range of security vulnerabilities, including identity detection, location tracking, denial of service, unintended control and access of data and voice channels, and unauthorized device control and data access.
Due to portability and size factors, mobile devices are more susceptible to theft and unwanted access than other computing devices.
An SMS text message sent from a mobile device can be used to perform a distributed denial of service (DDoS) attack against a large mobile telecommunications infrastructure involving thousands of devices.
A mobile device can send an MMS (Multimedia Messaging Service) message to other devices with an attachment infected with a virus. If the attachment is opened, the phone is infected. The virus can send the same MMS message with its infected attachment to all the contacts in the address book.
The GSM (Global System for Mobile Communications) standard for mobile communications uses weak encryption that is possible to crack in about six hours. Once the encryption algorithm is cracked, all communication is in an unencrypted state. GSM is gradually being replaced by the 3G protocol with stronger encryption.
Mobile devices are particularly vulnerable to Wi-Fi attacks because very often Wi-Fi is the only means of communication they have to access the internet.
Cryptocurrency mining malware is found mainly on Android devices in search of digital currencies, like Bitcoin, Litecoin and Dogecoin. It causes devices to lose battery power quickly or feel overheated.
PCs can be used to infiltrate mobile devices in attacks on bank accounts. Malware on a desktop computer can detect when the user is viewing his banking website. The malware will display a warning message such as “for increased security, download this app”. The user is then asked for a phone number and email address to send an SMS to their phone or to download the app (that will accept your login credentials to your bank account).
1. Tap and hold your finger on the text source. A box that gives you the option to Copy will appear.
2. Press the box. Your text will be copied to the clipboard.
3. If needed, you can exit the app, and open a different app that you want to paste the text into.
4. Press and hold in any valid text box and a new Paste option will appear. Tap Paste.
1. Tap and hold your finger on the text source.
2. Let go when the magnifying glass appears and choose Copy from the pop-up button.
End-To-End Encryption (E2EE), or non-certified Point-To-Point Encryption, ensures that data travelling over a network or the internet is securely encrypted from the point of data entry to the point of destination. The originating party encrypts the data, and the receiving party decrypts it. The purpose of end-to-end encryption is to prevent intruders from accessing the data in a usable state.
A firewall is software or hardware designed to block intruders and malware from accessing your computer over the Internet. It filters the data flow into your computer or network through an internet connection.
Hyper Text Transfer Protocol (HTTP) is a set of standards for communication between web browsers and web servers, and enables the transfer of text, files, images, sound, and video across the internet.
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). HTTPS allows secure transactions, including online banking.
When a user connects to an HTTPS website, the session is encrypted with a Digital Certificate. The URL begins with https:// instead of http://.
A Keylogger is a hidden hardware device or software program that records all keystrokes. It can be used legitimately for surveillance, or illegitimately to steal data including confidential information such as login and credit card information.
Keyloggers can enter a computer in different ways:
They can be downloaded accidentally when a user browses a malicious web site.
They can be embedded in malware, and also in software that was originally legitimate.
They can be bundled with legitimate software and downloaded.
They can be embedded in images and music files and downloaded.
A Strong Password is difficult to detect by both humans and computer programs, thereby protecting information from unauthorized access.
A Strong Password has the following characteristics:
At least 8 characters long.
Random combination of letters, numbers, and symbol characters.
Not found in a dictionary.
Not the name of a command.
Not a login name or name of person.
Not a common usage name such as the make of an appliance, computer, pet, etc.
Is changed regularly.
Is significantly different from other passwords.
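The checklist above can be turned into an automated check. This is an added example, not MobileTrust code: the function name, the tiny constructed wordlists and the 0.7 similarity threshold are assumptions, and "changed regularly" is left out because it needs a record of the password's age rather than the password itself.

```python
import difflib
import string

# Constructed sample lists; a real check would load much larger wordlists.
DICTIONARY = {"password", "dragon", "sunshine", "welcome", "monkey"}
COMMANDS = {"shutdown", "ifconfig", "traceroute"}


def check_password(candidate, login_name="", other_passwords=(), personal_words=()):
    """Return the criteria from the list above that `candidate` fails."""
    failures = []
    lowered = candidate.lower()
    # Drop digits and symbols so "Sunshine1!" still matches the word "sunshine".
    letters_only = "".join(c for c in lowered if c.isalpha())

    if len(candidate) < 8:
        failures.append("shorter than 8 characters")
    # Presence of all three classes is only a rough stand-in for "random".
    classes = (string.ascii_letters, string.digits, string.punctuation)
    if not all(any(c in cls for c in candidate) for cls in classes):
        failures.append("missing letters, numbers, or symbols")
    if letters_only in DICTIONARY:
        failures.append("dictionary word")
    if letters_only in COMMANDS:
        failures.append("command name")
    local_part = login_name.lower().split("@")[0]
    if local_part and local_part in lowered:
        failures.append("contains login name")
    if any(w and w.lower() in lowered for w in personal_words):
        failures.append("contains a common usage name")
    # "Significantly different": reject near-copies of passwords already in use.
    for other in other_passwords:
        if difflib.SequenceMatcher(None, lowered, other.lower()).ratio() > 0.7:
            failures.append("too similar to another password")
            break
    return failures


if __name__ == "__main__":
    print(check_password("Sunshine1!"))
    print(check_password("alice2024!", login_name="alice@example.com"))
    print(check_password("kT7#vQ2$mZ9!"))
```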
Authentication is the process of identifying an individual, usually by their username and password, when logging into a website, network, or cloud service.
Two-Factor Authentication verifies that you are who you say you are, when logging into a website, network, or cloud service. The login password is the first factor (and the only factor in Single-Factor Authentication). But having the correct password is not enough in many cases. It can be stolen.
Example of a second authentication factor: A question in an online bank transaction used to identify that you are the true owner of the login password (first authentication factor) that was just entered. E.g., What was the name of your first pet?
Note: It is the owner of the login page that determines which factors are used for authentication, not the owner of the mobile device.
ProtectID Authentication is a patented Two-Factor Authentication system by Strikeforce Technologies.
OATH (Open Authentication) is a non-proprietary set of standards for Two-Factor Authentication. An authentication product can be said to be 'OATH Compliant' if it meets those standards.