As you will know, with SKY ECC, we offer only phones from BlackBerry, Google and Apple. However, what may not know is that as time goes on, we begin to stop offering SKY ECC for older devices. We sunset phones not because we want everyone to get brand new models every time a company releases one, but because as time goes on, the OS begins to have less updates, meaning less security patches. At the same time, new devices are realised with more secure security chips and features.
When we sunset devices, it is so we can make sure that you have the most secure devices possible. We can’t provide the best level of software security to your device with our regular security updates. To make sure you are fully protected and secure, we need this to happen. It is only about security, not pushing you to get the latest hardware.
How we sunset devices
The first step comes when OS updates stop for a certain device. With Apple devices, this is usually around the 5 year mark. An iPhone 6 becomes limited to iOS 12.4.1 and cannot go up to iOS 13.1. This means that your once handy iPhone is no longer getting security patches or privacy improvements that would have come with iOS 13. Now Apple did last year release a 12.4.2 update for any older devices that could not get to iOS 13, but this is a rare occurrence and only help for the short term unless they decide to keep releasing patches for devices at lower levels.
Now this may not seem like the biggest problem, it is only a small patch, right? Besides, it means you have more room on your phone, right? What would you think if we here at SKY did our work with insecure devices? Or your bank? Your boss? You would not want any of us to be at risk when working, so why should you want your own to be potentially compromised?
With new devices, it is a matter of “If” not “When” there will be insecurities. However, with new devices, it takes some time for any new vulnerabilities to be found. As well as this, with every layer of protection the phone can offer, SKY ECC adds significant additional protection.
Despite the protections we can offer with SKY ECC, we believe it is necessary to begin to stop offering support on old devices for new accounts and upgrade older devices, over time, to new and better hardware.
Whilst it is never a problem that we have encountered recently, we will make sure that if any device is compromised substantially then will sunset that device. If something were to happen, such as a flaw in the underlying chipset for example, we would make sure to stop the support of that device and possible go as far as forcing it from our own private secured network.
When it comes to our customers, we do not want to give them anything but the highest level of security and to have that, it needs secure devices. Just as any business, from retail, to banking to even the government makes sure they are updated with the latest tech available, we do the same.
Deciding what devices get put on the list
You have seen what it takes to get taken off the list, but what does it take to get put on? Devices from BlackBerry, Google and Apple are processed through quicker, as they have been extensively vetted and meet the levels of security and compatibility we are looking for. Don’t worry, we still run QA checks as well in case, just to make sure.
With new vendors, we are more rigorous. Using our “Zero-trust” principle we assume that the device are insecure and so they must prove they are secure enough to pass our checks. Here is a look at how it goes.
The first thing to be checked is the quality of the device: how well made it is and the quality of the material involved in its build. With cheap phones, poor materials are used so it can be built for a lower cost, but this results in a poor performance, a shorter device life and often completely lack security chips.
To make the pass with us, it must have one of two things. The first is Trusted Execution Environment (TEE) as a separate chip (which is what Google and Apple do). The second is to have a processor which has the security embedded in it (which is what BlackBerry does).
TEE gives the OS cryptographic protections, as well as providing a secure environment that is needed so that SKY ECC can be protected from the OS itself and other applications.
It may seem surprising, but there is a lot of devices from manufacturers who do not pass our tests and requirements. We make sure to test the claims devices make about their security to see if they match up.
So, if we can break into it, to have the device compromised, that means someone else can. That means that device fails for us.
We are smart enough of know that the idea of “perfect computer security” is a myth, but that is not a reason to be rigorous in our testing. We always make sure to analyse each device in depth and we also send our devices for third party testing, so that we get another view on their security. We may not be able to be 100% secure, nothing is. But we can make sure that we can offer you the most secure devices available.
Should it have been able to pass all our hardware checks and tests, as well as the right security modules to provide a secure foundation, we can then move to look at the OS. For this, we are a talking about Android, as iOS does not change from device to device. With Android, manufacturers are able to vastly different things.
Now for the software check
The checks we do are not to see if Android or iOS is insecure itself, we do that with each update, but to see if Android has been modified or extraneous software has been added by the manufacturer. These both can lead and cause security vulnerabilities, mostly done so unintentionally. Android One status requires a device to disclose if any additional software has been put onto a device, as well as what it is. Unexpected surprises on your device are not something neither you nor us want.
Once released, we QA and test SKY ECC against the OS update. From this, we can deal with bugs that may appear and release patches that keep SKY ECC compatible. We make sure to always be alert to any changes or updates, as well as OS-level issues. From here, we mitigate and deal with them quickly and stopping any risk.
This is also a main reason why we do not have our own version of Android for devices. To make sure we do not add in a vulnerability, it takes a vast amount of testing and the time taken exceeds that of what it would take to use established tools to secure devices like mobile device management. When it comes to OS, we can add multiple layers of additional security, whilst never having to modify the OS underneath.
This last check looks at the time we believe, from the information available, a device will be updated. For this, we only have past experience to help guide us on the timeframe. As mentioned before with iOS and Apple, the timeframe of device support sits at about four to five years. From this, we can estimate that when a certain iPhone model will not be able to make the jump us to the next update.
So, for iPhone we have a pipeline of their lifespan. This also applies for KeyONE and Pixel devices, as well as Android. The ironic thing is, many older models of phone are compatible with and can support the next level of patches and updates to be secure. The only problem is that whilst these older devices can handle the apps and tasks that come with them, they are not given the security upgrades to be feasible to carry on with.
And that is the main part. If they could be kept secure, we could easily keep using older devices. But sadly, as they are not, we have to sunset them. You want the most secure and protected devices from SKY ECC. We make sure we can deliver exactly that. To see our range of devices, visit our store: https://www.skyecc.store/