Question:
What does "ultra secure" mean?
Answer:
Ultra secure means that the device has been designed to meet even the highest governmental grade security requirements.
Tough Mobile 2 has been designed for ultra secure use, starting from tamper-proofed mechanics to always-on security monitoring of electronics and hardened software solutions utilizing the Android operating system.
Ultra security is always based on hardware-originated, tamper-proof security solutions.
Bittium ultra security also means that the device has been designed and manufactured by a trusted vendor in Finland.
Question:
What does Tough Mobile 2’s “multilayered security” mean?
Answer:
Tough Mobile 2’s security is built in layers, both in hardware and software.
The security built into the hardware protects data at rest. Security starts from the design and manufacturing of the device, including a hardware secure element that, for example, stores all authentication data and encryption keys. For software-based security, Bittium offers Bittium Secure Suite™, a full set of services for securing data in transit.
Question:
What does Tough Mobile 2’s dedicated hardware secure element do?
Answer:
The hardware secure element provides, for example, user authentication services for Android, stores device encryption keys and provides cryptographic operations. If the Android OS were compromised by malware with access to everything, the malware still would not be able to access the contents of the secure element.
The secure element also controls the tamper detection feature of the device, even if the device’s main battery has run out. The secure element is powered by its own backup battery.
Question:
How is data in Tough Mobile 2 encrypted?
Answer:
All data in Tough Mobile 2 is encrypted with AES-256 encryption. Tough Mobile 2 also supports encryption of data on SD cards. Data in transit can be encrypted with Bittium SafeMove® Mobile VPN, which is included in Bittium Secure Suite.
Question:
How is Tough Mobile 2 tamper-proofed?
Answer:
Tough Mobile 2’s secure element detects if someone is trying to, for example, drill, open, disassemble, or precision cut the device. If tampering is detected, the secure element cryptographically erases all data from the device, even if the main battery has run out of power. The secure element is powered by its own rechargeable backup battery.
Question:
How is Tough Mobile 2 protected from unwanted hardware implants?
Answer:
Tough Mobile 2 is tamper-proofed, which means that the phone detects if it is dismantled or the SIM slot is opened. For security reasons, all data is cryptographically erased if the device is dismantled. When the SIM slot is opened, the device locks instantly, and only the device’s original user can dismiss the SIM slot opening notification, by authenticating to the device, and continue using it.
Question:
How is Tough Mobile 2 protected from malicious firmware?
Answer:
Tough Mobile 2 can be used only with Bittium-signed firmware delivered by Bittium. The device utilizes secure/trusted boot and OS rollback prevention, and it is non-rootable. At each start-up the device checks firmware and hardware integrity. To provide an additional security layer, Bittium Secure Suite can be used to remotely attest the device firmware and hardware.
Question:
What does Bittium Secure Suite provide and how can I take it into use with Tough Mobile 2?
Answer:
Bittium Secure Suite is an advanced software product that complements Bittium Tough Mobile 2 with a full set of services for secure communications, including MDM, VPN, remote attestation and application whitelisting. It is available for both private and public organizations, and requires installation of a back-end server, which is provided either as a dedicated IT service or hosted by the customer.
Please contact us to start a trial.
Question:
Is VPN included with Tough Mobile 2?
Answer:
Tough Mobile 2 has Bittium SafeMove® Mobile VPN client software pre-installed. The complementary Bittium Secure Suite software product for Tough Mobile 2 is required to utilize that VPN client to secure data in transit. Please contact us for more information and for starting a Bittium Secure Suite trial.
Tough Mobile 2 also supports any third-party VPN solution supported by the Android operating system.
Question:
What does the Multicontainer solution do?
Answer:
The Multicontainer solution enables several isolated workspaces within the same Tough Mobile 2 device, preventing data contamination between applications and services located in container workspaces. With Multicontainer, it is possible to use classified data and services from several separate organizations, as each container workspace isolates applications, data and network traffic from all other workspace containers. The device can also be used as a personal smartphone, as workspace containers can also be used to isolate personal applications, data and network traffic from work data.
Services within the workspaces are protected and managed with Bittium Secure Suite. Services in workspace containers can connect to isolated back-ends via container-specific VPN tunnels, providing unique data-in-transit protection for each workspace.
Question:
How can I enable the Multicontainer solution?
Answer:
The Multicontainer solution is enabled with the Bittium Secure Suite back-end system, as each container uses its own VPN tunnel and server environment for isolating and encrypting data in transit. Please contact us to get the complete solution for your organization.
Question:
How can I create a single container in Tough Mobile 2?
Answer:
The user can create a single container without using the device management (Bittium Secure Suite) capabilities and without a Secure Suite license. The container can be created by using the SafeMove application readily available on the device.
First, check that you have downloaded and installed the latest system updates, which is needed in order to take one container into use: go to Settings -> System -> Advanced -> System updates -> Check now.
After that, you are able to create one container: go to the SafeMove application -> press the “three stripes” in the top left corner -> Create container -> Provision later.
Question:
What does the hardware-based Privacy Mode mean and how does it work?
Answer:
With Privacy Mode, the user can prevent eavesdropping and spying through the device by disabling microphones, Bluetooth and cameras, and by reducing sensor accuracy on the device, at the hardware level. Privacy Mode can be activated/deactivated by pressing and holding the privacy button, which is the topmost button on the right-hand side of the phone. A green indicator light starts blinking on the front side of the phone when Privacy Mode is active.
Question:
How can I make encrypted calls with Tough Mobile 2?
Answer:
A separate application is needed for making encrypted calls with Tough Mobile 2. Please contact us for more information.
Question:
How is Tough Mobile 2’s operating system hardened?
Answer:
For example, Tough Mobile 2’s security/encryption key management, user authentication and true random number generation are moved from Android to the Bittium hardware-based secure element. If you would like to discuss what additional hardenings have been made, please contact us.
Question:
How can I quickly erase all my data from the phone in emergency situations?
Answer:
Tough Mobile 2 is provided with a Fast Wipe functionality to erase all data in emergency situations. The user can trigger Fast Wipe from the drop-down menu by pressing the red Fast Wipe icon and entering the device PIN.
Question:
How do I get security updates to Tough Mobile 2?
Answer:
All Tough Mobile 2 updates are delivered Over-The-Air (OTA). The device checks the availability of software updates automatically and informs you when an update is available. The user can decide when to download and install the software update.
Question:
Can Tough Mobile 2 be security certified for national security purposes?
Answer:
Yes, Tough Mobile 2 has been designed to be certified for national security purposes. Device and manufacturing audits are possible for certification purposes.