It is impossible to navigate the existing climate in the Blockchain industry without running into debates about security. Hacks and attacks have kept the topic firmly on the lips of crypto users and their frequency creates almost a sense of helplessness.
But, this doesn’t have to be so as Blockchain Reporter sat down with George Waller CEO of BlockSafe Technologies, to talk about their new CryptoDefender product and Blockchain security.
In your press release, you mentioned that not much has been done to secure Blockchain systems. Do you think it is a lack of effort on the part of the industry or have we simply gotten used to periodic attacks?
I certainly hope that the industry hasn’t gotten used to periodic attacks, especially since there are solutions out there that can make it more secure. In my opinion, the problem is two-fold – a part of it is misperception and another is rate of growth.
Over the years, the industry has come to accept the term “immutable” and has blindly applied it to the entire blockchain ecosystem, which consists of crypto wallets, exchanges and blockchains (public & permissioned) – each of which have their own critical vulnerabilities. While I agree that transactions logged on a blockchain are immutable, access to that blockchain is not, nor is there any content filtering to assure that a node connecting to that blockchain doesn’t infect it with malware. Private key credentials for crypto wallets can easily be keylogged, and memory buffers can be modified to swap the public key when sending tokens. It also seems that the majority of the exchanges are getting compromised by the standardized corporate attack vectors being used everywhere.
The second problem is growth rate – in just a few short years, companies deploying blockchains are at a break-neck speed. Every company wants to be more efficient, productive and profitable. While these are things that blockchains offer, we cannot afford to gain these advantages while foregoing security. Everyone, everywhere has to understand that all computers and mobile devices are can easily be compromised, but it’s only companies that choose to conduct their due diligence and put security protocols in place that will be around for the long haul.
Almost every blockchain network seems to run some sort of bug bounty program. Do you think these are effective and more importantly, are they enough?
In some instances bug bounty programs are good, but by no means are they enough. They are not the solution that companies really need. If anything, they could turn into a threat vector on their own. For example, the people digging through your code can identify bugs in the network, report these bugs, and get paid for them. But they could also be selling information on these serious flaws to hackers, or exploiting the flaws to their own advantage. The truth is, there’s no replacement for having trusted employees and solutions that identify the bugs and fix them.
Could you tell us a bit about CryptoDefender?
BlockSafe Technologies’ CryptoDefender™ is an app to secure mobile and desktop devices from targeted attacks. The app has several critical features that work together: keystroke encryption uses military-grade encryption to protect everything you type on a computer or mobile device’s keyboard, thus preventing spying. The app’s clipboard copy protection prevents malware from monitoring the clipboard and copying the contents. The anti-screen capture feature stops screen-scrapers from monitoring and capturing user activity, and anti-clickjacking identifies hidden links that can send the user to a malicious website.
CryptoDefender™’s mobile version also includes a password vault, a strong password generator, an OATH compliant two-factor authentication token and a hardened web browser that prevents man-in-the-browser attacks.
For the average user who is worried about cryptojacking and having their coins stolen, how would CryptoDefender help?
CryptoDefender™ protects crypto wallets by preventing malware from stealing your private key credentials. Additionally, CryptoDefender™ prevents your computer’s memory from being modified when you’re copying & pasting a public key to send tokens.
CryptoDefender™ takes a proactive approach to protecting you by encrypting every keystroke all the time, preventing keyloggers, screen-scrapers, clickjacks & memory modifying malware from stealing anything you type on your keyboards.
On mobile, CryptoDefender™ protects everything you type by installing the industry’s only keystroke encrypted keyboard, protecting every keystroke you type, in any application, all the time.
From your experience, how do most attacks take place and how can users guard against them?
Most hacks happen because of user error. For example, the user clicks on a suspicious link or opens an attachment that was infected. However, there are also many attack vectors that a user has no control over, such as drive-by attacks. In a drive by attack, a user could go to a well-known legitimate website and instantly get infected with a keylogger because that website was already infected, or a user could buy a brand new computer or USB stick that came infected with a keylogger because hackers had breached the manufacturer network and implanted malware on their gold master. Of course, users need to be more diligent about what they click on or open. However, they also need to proactively protect themselves against known and unknown attack vectors.
Besides CryptoDefender, what else does BlockSafe Technologies have in store for the future?
BlockSafe also has a product called ExchangeDefender™, which helps protect crypto exchange networks from being hacked. The solution is a bundle of two technologies – our patented keystroke encryption technology and our multi-factor Out-of-Band Authentication platform which protects network access control for the exchange employees while providing real-time transaction verification for exchange user transactions.
Additionally, we are developing a product called BlockchainDefender™, which will protect permission-based blockchains from being hacked.
George Waller, CEO, BlockSafe Technologies
George is the CEO of BlockSafe Technologies. George is also a co-founder of StrikeForce Technologies, Inc. An entrepreneur and technologist with over 30 years in the computer industry, George played a pivotal role in introducing two of the leading cyber security technologies: out-of-band authentication and keystroke encryption to the marketplace. Today, these technologies are widely used in banking, healthcare, education, manufacturing and government sectors.