CYPHYX technology could have protected America from Cyber Attack

CYPHYX technology could protect against the type of supply chain hack as was done in the SolarWinds Attack

Bonita Springs, Florida: The SolarWinds Orion Attack is a great example of the problems with pushing blind updates out to products and systems without adequate protection of verification of the update prior to installation.  And depending on the scope of a product’s reach this can have catastrophic consequences for more than just one company’s product and services.

CYPHYX has a solution to this problem, one that we use ourselves for products that are critical in protecting sensitive data, messages, and access.  Using two of our patented technologies we are able to both secure the update to ensure it remains free of tampering as well as secure the update process to ensure update being applied is legitimate and verified prior to the installation in real-time.

Utilizing our DARE (Dynamic and Random Encryption) technology in conjunction with our Secure Product Update component we are able to secure the update through encryption that results in a unique encrypted product.  Any change to that update package would result in an entirely new package result and the package is only able to be decrypted and installed utilizing the Secure Product Update process thus ensuring the integrity and validity of the update and the update process.

A blind update means packaging the update and then making it available to the customer with no further need to interact, which is a blind update.  The customer can be fooled by a hacked update package, by a redirected update server location that contains a malware infested package, and by spoofed digital signatures.  Since there is no active involvement by the software vendor there is no secondary step to ensure nothing has changed since the update was made available.  And most vendors would be hesitant to setup such involvement since it requires additional support resources which can be costly.

CYPHYX Secure Product Update that uses DARE is a completely automated process where as long as the customer has previously registered their product and has access to the internet at the time of update installation there is no need for further involvement by the vendor.  The only time the vendor would become involved is if illicit acts are occurring either within or outside of the normal Secure Product Update process.

With the CYPHYX Secure Image process and DARE the SolarWinds attack would have been almost impossible since the embedded malware package would have had to be part of the update itself and unless no code review were done before packaging the update for distribution there would be no other point where the update could be infected.

“With our Secure Product Update a vendor can be sure that his customers are protected and that his product’s integrity is assured,” says Chuck Sammet, President at CYPHYX. “It is quite difficult to maintain a relationship with a customer if your product can be attacked through an update that is intended to enhance or correct an existing product”.

Features and benefits of Secure Product Update include.

• Protected update package to ensure there is no delivery stage illicit code insertion
• Package Signature tied to protection to ensure instant verification of the update package
• Installation validation to verify the install is clean and no attack is in progress

Secure Product Update will be available in 2021. For more information on Secure Product Update, please contact Chuck Sammet at (888) 871-3273.

About CYPHYX: CYPHYX is a cybersecurity company that believes in “Individual Autonomy” where the individual controls their virtual life.  We deliver products that approach the challenges involved from a very different perspective and will always be at the forefront of delivering power and control to the user.  Based in Bonita Springs, Florida, CYPHYX is a company that has been working with counties and local governments in New York as well as private enterprises to secure their critical online data.