Telefonica launches 'siesta mode' security app and new white-hat hacking team
Telefonica has lifted the lid on its new security portfolio, starting with an app called Latch that lets users 'switch off' their online accounts, and round-the-clock monitoring from its team of in-house hackers.
Telefonica's recently launched security and penetration testing company, Eleven Paths, has released its first security product, Latch, which is available for Android, iOS and Windows Phone.
One of the ideas behind Latch is to tackle problems associated with lost and stolen passwords. The app lets the user choose when to "turn off" access to password authentication systems for things like email, bank accounts and social networks when they're not using them.
So, if their credentials have been stolen, Latch should prevent the hacker who's taken them from logging in. As Eleven Paths notes, the app doesn't replace passwords but reduces the time an attacker can take advantage of a compromised password.
Users can also lock different services, so in a banking context that could include locking transfers or credit card purchases, or for online accounts, locking down configuration changes. The app can also generate one-time passwords as a second authentication factor, and set automated lockdown periods between certain hours of the night.
To use Latch, the user would have to install the Latch app and pair it with a compatible service. Once that's done, control over access to the service is handled via a token shared between the app and the service itself.
The catch at the moment is that Latch has currently only been integrated with a few internal services at Telefonica Group. However, Telefonica says it is in discussions with a range of international companies to integrate Latch with their services, and has released SDKs for major programming languages and plugins for WordPress, Joomla and .NET logins.
Telefonica also launched a new online intelligence service, hoping to tap corporate demand for offensive security capabilities.
According to Telefonica, the service is run by "a team of experts in hacking, fraud, criminology and online communities". The white-hats will scan public sources and underground forums for threats as well as internal networks where given permission.
Telefonica will look at reputation and protecting brands from unauthorised use, hijacked domains, offensive content and identity theft. It's also focusing on document leaks, activism, online hacktivism, and DDoS attacks.
The telco also launched its automated penetration-testing tool Faast and Metashield, a tool aimed at preventing sensitive information leaks.