Question:
What does 'highest level for security' mean?
Answer:
Highest level of security means that the device has been designed to meet even the highest governmental grade security requirements.
Tough Mobile 2 C has been designed for ultra secure use, starting from tamper-proofed mechanics to always-on security monitoring of electronics and hardened software solutions utilizing the Android 10 operating system.
Security is always based on hardware originated tamper proof security solutions.
Smartphone’s unique HW security solutions and multilayered security structure are reinforced with the dual-boot functionality, running two completely separate and hardened operating systems on a single platform: Confidential and Personal.
Bittium highest security also means that the device has been designed and manufactured by a trusted vendor in Finland.
Question:
What does Tough Mobile 2 C’s “multilayered security” mean?
Answer:
Tough Mobile 2 C’s security is built in layers, both in hardware and software.
The security built in the hardware protects data at rest. Security starts from the design and manufacturing of the device, including a hardware secure element that for example stores all authentication data and encryption keys. For software-based security Tough Mobile 2 C always comes with Bittium Secure Suite™ full set of services for securing the data in transit.
Question:
What does Tough Mobile 2 C’s dedicated hardware secure element do?
Answer:
The hardware secure element provides for example user authentication services for Android, stores device encryption keys and provides cryptographic operations. If the Android OS becomes compromised with malware with access to everything, it still would not be able to access the contents of the secure element.
Secure element also controls the tamper detection feature of the device – even if the device’s main battery has run out. The secure element is powered by its own backup battery.
Question:
How is data in Tough Mobile 2 C encrypted?
Answer:
All data in Tough Mobile 2 C is encrypted with AES-256 encryption. Tough Mobile 2 C supports also encryption for data in SD cards. Data in transit is encrypted with Bittium SafeMove® Mobile VPN included in Bittium Secure Suite.
Question:
How is Tough Mobile 2 C tamper-proofed?
Answer:
Tough Mobile 2 C’s secure element detects if someone is trying to for example drill, open, disassemble, or precision cut the device. If tampering is detected, the secure element cryptographically erases all data from the device, even if the main battery has ran out of power. The secure element is powered by its own rechargeable backup battery.
Question:
How is Tough Mobile 2 C protected from unwanted hardware implants?
Answer:
Tough Mobile 2 C is tamper-proofed, which means that the phone detects if it is dismantled or the SIM slot is opened. For security reasons all data is cryptographically erased in case of dismantling. When the SIM slot is opened, device locks instantly and only the device’s original user can dismiss notification of SIM slot opening by authenticating to the device and continue using the device.
Question:
How is Tough Mobile 2 C protected from malicious firmware?
Answer:
Tough Mobile 2 C can be used only with Bittium signed firmware delivered by Bittium. Device utilizes secure/trusted boot, OS rollback prevention and the device is non-rootable. In each start up the device checks firmware and hardware integrity. For additional security layer, Bittium Secure Suite can be used to remotely attest the device firmware and hardware.
Question:
What does Bittium Secure Suite provide and how can I take it into use with Tough Mobile 2 C?
Answer:
Bittium Secure Suite is an advanced software product that complements Bittium Tough Mobile 2 C with a full set of services for secure communications, including MDM, VPN, remote attestation and application whitelisting. It is available for both private and public organizations, and requires installation of a back-end server, which is provided either as a dedicated IT service or hosted by the customer.
Please contact us to start a trial.
Question:
Is VPN included with Tough Mobile 2 C?
Answer:
Tough Mobile 2 C is always complemented with Bittium Secure Suite software which has Bittium SafeMove® Mobile VPN client software pre-installed to secure data in transit. Please contact us for more information and for starting a Bittium Secure Suite trial.
Tough Mobile 2 C device supports also any 3rd party VPN solutions supported by Android 11.
Question:
What does the Multicontainer solution do?
Answer:
Both operating systems support Multicontainer feature, enabling the use of several secure, isolated workspaces within one operating system, preventing data contamination between applications/services located in container workspaces. With Multicontainer, it is possible to use classified data and services from several separate organizations as each container workspace isolates applications, data and network traffic from all
other workspace containers.
User can switch between the different workspaces by swiping sideways from the home screen.
Services within the workspaces are protected and managed with Bittium Secure Suite. Services in workspace containers can connect to isolated back-ends via container-specific VPN tunnels, providing unique data-in-transit protection for each workspace.
Question:
How can I enable the Multicontainer solution?
Answer:
Multicontainer solution is enabled with the Bittium Secure Suite back-end system as each container uses its own VPN tunnel and server environment for isolating and encrypting data in transit. Please contact us to get the complete solution for your organization.
Question:
How can I create a single container in Tough Mobile 2 C?
Answer:
Multicontainer solution is enabled and controlled with Bittium Secure Suite back-end system.
Question:
What does the hardware-based Privacy Mode mean and how does it work?
Answer:
With Privacy Mode the user can prevent eavesdropping and spying through device by disabling microphones, Bluetooth, cameras and reducing sensor accuracy on the device at the hardware-level. Privacy Mode can be activated/deactivated by pressing and holding the privacy button, which is the topmost button on the right-hand side of the phone. A green indicator light starts blinking on the front side of the phone when Privacy Mode is active.
Question:
How can I make encrypted calls with Tough Mobile 2 C?
Answer:
Making encrypted calls is possible with dedicated secure voice applications, which are available from Bittium and its solution partners. Please contact us for more information.
Question:
How is Tough Mobile 2 C’s operating system hardened?
Answer:
For example, Tough Mobile 2 C’s security/encryption key management, user authentication and true random number generation are moved from Android to Bittium hardware-based secure element. If you would like to discuss what additional hardenings have been made, please contact us.
Question:
How can I quickly erase all my data from the phone in emergency situations?
Answer:
Tough Mobile 2 C is provided with a Fast Wipe functionality to erase all data in emergency situations. User can trigger Fast Wipe from drop-down menu by pressing the red Fast Wipe icon and giving the device PIN.
Question:
How do I get security updates to Tough Mobile 2 C?
Answer:
All Tough Mobile 2 C updates are delivered Over-The-Air (OTA).
Bittium Secure Suite allows full control over which devices are updated, when, and with which firmware. The OTA delivery can also be protected by VPN. Bittium can also provide its customers with professional service tools for local updates.
Question:
Can Tough Mobile 2 C be security certified for national security purposes?
Answer:
Yes, Tough Mobile 2 C has been designed to be certified for national security purposes. CONFIDENTIAL level approvals are in progress. Device and manufacturing audits are possible for certification purposes.