Subrosa aims at ensuring the integrity of your mobile phones and empowering your digital privacy in an age of evolving, world-wide threats.
Subrosa’s encrypted mobile devices are specially designed for communication privacy as they have an extremely reduced attack surface and security-hardened features.
Subrosa Mobile implements powerful cryptography that encrypts the data traffic end-to-end, as well as the apps’ databases and the device’s physical storage, to ensure no one can access your sensitive data.
Subrosa’s servers employ state-of-the-art security measures and store no sensitive information, guaranteeing only the communicating peers have access to such data.
The symbol of the rose has denoted confidentiality since ancient times. The story tells of Aphrodite, who gave a rose to her son Eros. He, in return, gave it to the god of silence, Harpocrates, to keep Aphrodite’s indiscretions private. Roses painted the ceilings of ancient Roman banquet rooms, hung in council meetings and private chambers, and decorated the confessionals in Christian churches. Through time, being under the rose (“sub rosa”) has always meant that the conversation you’re part of is absolutely secret.
Then came the dawn of technology – turning communication into bits of data, interceptable and readable by third parties. Subrosa was created to guarantee the privacy of communication in this new, digital world. We are here to imprint the rose deep in our state-of-the-art encryption algorithms and ensure that your mobile conversations are secure and always remain sub rosa.
Subrosa Mobile is specially built with security in mind and employs multiple techniques to counter the emerging digital threats.
To prevent third-party access, all information stored on the phone or in transit is encrypted with 4096-bit encryption and the AES-256 cipher, unbreakable even for supercomputers.
To answer the evolving threat landscape, Subrosa Mobile has a reduced attack surface, removing common vulnerabilities, and disallowing the installation of any third-party software.
Subrosa Mobile’s storage, OS, and communication apps are separately encrypted and require different password authentications to access them, ensuring that no physical tampering with the encrypted phone is possible.
Because today's digital threats are evolving and no longer rely on a single point of attack, but try to leverage multiple vulnerabilities at the same time, Subrosa Mobile offers numerous defense layers, ensuring 360-degree protection.
Our encrypted applications allow private communication and store no sensitive data within our servers. The apps' databases are also encrypted, allowing no third-party app to access them.
The custom operating system introduces multiple defense layers, security-hardened features, purged common vulnerabilities, and a drastically reduced attack surface, ensuring zero-day protection.
Subrosa Mobile’s hardware models have encrypted storage with a wipe mechanism against physical tampering. The security is impenetrable even by supercomputers.
The SIM card that the encrypted phone comes with allows worldwide connectivity with no roaming fees and encrypts users' traffic to hide their network activities.
Subrosa’s device management platform gives admins remote control over the devices to push critical updates, assign secure policies, and even disable vulnerable sensors.
To answer your every need, Subrosa Mobile offers encrypted apps that let you communicate through chat, call, video, and email, and store files and conversations without data being exposed to third parties.
Chat P2P without data ever reaching the premises of our servers, join group chats that only store information until all members receive it, make absolutely private VoIP voice and video calls, using our infrastructure to only establish the connection.
Feature-rich, encrypted email client, storing the private keys only on your phone within an encrypted database and the devices you’re communicating with, ensuring no third party has access to your sensitive information.
An encrypted file storage that allows you to save photos, audio, video, text, and even whole conversations. Through Subrosa Vault, you can also take encrypted notes or make secure backups.
Secure OS is a custom OS, based on Android, combining user-centric experience with security-hardened features and privacy-focused functionalities.
No third party software can silently mine data from other apps on the Subrosa Mobile phone due to its custom content provider.
Both the recovery mode and the libraries used by various applications are security-hardened to ensure they’re not exploitable and malicious code can’t be injected through them.
The encrypted phone features multiple password authentications, protecting various data layers. If anyone tries tampering with the device and enters the wrong password a few consecutive times, all data stored is wiped.
As the boot-up process is an easily exploitable way to inject malicious software with OS-level privileges, the technique implemented checks multiple parts of the mobile hard drive to ensure they’re not infected.
Because Secure OS is based on Android, it offers an intuitive interface that lets users seamlessly navigate the encrypted phone along with a fast-access dashboard for the device’s core features and apps.
In critical situations, especially physical inspection, users have one-swipe access to emergency features, allowing them to wipe all data from the phone, or mask it to look like a regular Android with commonly used apps.
As zero-day threats and physical tampering are amongst the trickiest to protect from, Subrosa Mobile implements rigorous security measures, ensuring perfect hardware integrity.
Unlike most competitors, Subrosa doesn’t use refurbished devices. The hardware models of Subrosa Mobile are specially designed for mobile security and incorporate multiple defense features. The encrypted phones come to you with perfect hardware integrity, guaranteed by rigorous quality-assurance procedures.
Exploitable sensors and features that are easily used for cyberattacks but are not of vital importance for core functionalities, such as the NFC and GPS sensors, are initially disabled. This practice ensures your digital safety against attacks that exploit such vulnerabilities, for example behavioral tracking. Admins can further limit the attack surface through remote control.
One of the easiest ways to gain access to an encrypted mobile phone and steal its data is by obtaining it physically, removing its chip and deciphering the data on it. To ensure physical tampering with Subrosa Mobile is impossible, the device uses state-of-the-art cryptography to encrypt its storage, making it impossible even for supercomputers to break through.
The device comes equipped with a Multi-IMSI SIM Card, allowing world-wide connectivity.
The multi-IMSI technology allows our SIM card to connect to multiple providers, choosing the one with the best signal, and ensuring near-perfect connection in more than 180 countries worldwide.
As Subrosa Mobile is sold through a subscription model, your subscription plan includes ubiquitous connectivity with no roaming fees, ensuring absolute predictability of your expenses and guaranteeing no unplanned costs can arise.
The more independent a technology is, the more you can trust its integrity. To give you complete freedom from third-party service providers, especially carriers that can see your network activities, the multi-IMSI technology allows us to connect to the network of any carrier and encrypt the traffic to ensure they won’t have access to any sensitive information.
You can assign timers to your messages in the Subrosa Chat & Calls application. After the timer runs out, the message will be deleted without a trace. As a further security measure, self-destructing messages cannot be saved, copied, or forwarded, to ensure perfect communication secrecy. There are two options to make your messages self-destruct. One is to set a Time to Live (TTL), which starts the countdown the moment the message is sent. After the time runs out, the message is deleted, regardless of whether the recipient has seen it. The other option is to set the message to be For Your Eyes Only (FYEO), in which case the countdown is triggered after the recipient sees the message, and after it runs out, the message is again deleted.
Our gateway servers have multilayered protection. We use logical isolation, firewall filters, ACLs, and DDoS and APT protection. Moreover, we run our BGP network for additional control and security. Communication between our servers travels via a VPN tunnel, and no unencrypted traffic ever leaves our infrastructure. Furthermore, even if someone gains unprivileged access to our servers or the data stored on them is leveraged in any way, Subrosa has implemented complex technical procedures to ensure no sensitive client-related information is ever stored on our servers.
Your PGP-encrypted emails are only as safe as the security mechanism of the email client you’re using: how complex the cryptographic keys are, where they are generated, and where they are stored. Unlike most competitors, which generate the keys directly on their server and share them with the user, Subrosa Mobile generates the private keys directly on the peers' devices. This flow guarantees that no one can access the encrypted information but the users themselves. The only inconvenience is that we store no copies of your keys, and thus we’re not able to assist you in case you forget or lose yours. The cryptographic keys we use employ 4096-bit encryption, which will take supercomputers 14 million centuries to decrypt.
The first step of a VoIP (voice over IP) call is to exchange compatibility information to establish a connection. Both the recipient and the initiator generate ephemeral key pairs and transmit key-agreement information. The technique uses a short authentication string (SAS) that users share verbally over the phone for authentication. Each session uses different ephemeral keys and creates a shared secret, which ZRTP mixes with the secret of the next call. The technical flow of the ZRTP encryption makes every consecutive call more secure than the previous one. The approach allows detection of MiTM (man-in-the-middle) attacks and makes eavesdropping practically impossible, as the generation of a new key for each session ensures that even if a key gets leaked, past and future communication is absolutely protected. The technique provides multi-layered protection: from the shared secret and the ephemeral keys to the fact that once a connection is established, both devices act as a receiver and transmitter of information. No sensitive data goes through any server, guaranteeing the complete privacy of communication. If two encrypted phones agree on a key, the users can be sure that their calls are protected from any attack.
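The key-continuity and SAS idea described above can be sketched in a few lines. This is an added illustration, not Subrosa's code and not the ZRTP wire protocol: the 127-bit toy group, the plain SHA-256 mixing (standing in for ZRTP's key derivation), the 8-hex-digit SAS and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (127-bit Mersenne prime), for illustration only;
# far too small for real use.
P, G = 2**127 - 1, 3

def keypair():
    """Fresh ephemeral key pair, generated anew for every call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(priv, peer_pub, retained):
    """Return (session_key, sas, next_retained) for one call."""
    dh = pow(peer_pub, priv, P).to_bytes(16, "big")
    # Key continuity: the fresh DH result is mixed with the previous call's secret.
    s0 = hashlib.sha256(dh + retained).digest()
    sas = hmac.new(s0, b"SAS", hashlib.sha256).hexdigest()[:8]
    return s0, sas, hmac.new(s0, b"retained", hashlib.sha256).digest()

def honest_call(rs_a=b"", rs_b=b""):
    """Both peers exchange public keys directly and derive the same values."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return derive(a_priv, b_pub, rs_a), derive(b_priv, a_pub, rs_b)

def intercepted_call(rs_a, rs_b):
    """Constructed scenario: an interceptor swaps in its own public key
    but does not hold the secret retained from the earlier call."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    alice = derive(a_priv, m_pub, rs_a)
    bob = derive(b_priv, m_pub, rs_b)
    middle = derive(m_priv, a_pub, b"")  # interceptor's view of Alice's leg
    return alice, bob, middle

if __name__ == "__main__":
    a1, b1 = honest_call()
    print("call 1 SAS:", a1[1], b1[1], "match" if a1[1] == b1[1] else "MISMATCH")
    a2, b2, m2 = intercepted_call(a1[2], b1[2])
    print("call 2 SAS:", a2[1], b2[1], "match" if a2[1] == b2[1] else "MISMATCH")
    print("interceptor holds Alice's key:", hmac.compare_digest(m2[0], a2[0]))
```

In the second call the two users read out different strings, and the interceptor cannot even derive Alice's session key because it lacks the secret retained from the first call.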
To deliver messages to every peer in a group chat, we need to use our servers. Yet, sensitive data is stored only for a brief time. Once all users have received the message, all trace of it on our servers is gone. In the group chat, the user sends a message, and all recipients currently online receive it instantly. Yet, all peers that are offline don’t. The message is stored on our servers, which constantly check whether the recipients have come online in order to send it to them. If we didn’t use this technique, the shared information would be lost and never delivered to the offline users. Once the message is delivered to all group members, it is deleted from the server side, leaving zero trace. For even further security, we store shared group chat messages for a maximum of 7 days, after which they’re deleted regardless of whether all users have seen the message or not.
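The retention rule described above (hold a group message only while some member still lacks it, and never longer than 7 days) looks like this as a minimal relay model. It is an added example, not Subrosa's server code; the `GroupRelay` class, its method names and the in-memory storage are hypothetical.

```python
from dataclasses import dataclass

MAX_RETENTION = 7 * 24 * 3600  # seconds; the 7-day cap stated above

@dataclass
class Pending:
    ciphertext: bytes
    stored_at: float
    waiting: set  # recipients that have not received the message yet

class GroupRelay:
    """Hypothetical relay: keeps a message only while a member still lacks it."""
    def __init__(self, members):
        self.members = set(members)
        self.online = {}    # member -> ciphertexts delivered this connection
        self.pending = {}   # msg_id -> Pending
        self._next_id = 0

    def send(self, sender, ciphertext, now):
        waiting = set()
        for m in self.members - {sender}:
            if m in self.online:
                self.online[m].append(ciphertext)  # delivered instantly
            else:
                waiting.add(m)
        if waiting:  # stored only if at least one recipient is offline
            self._next_id += 1
            self.pending[self._next_id] = Pending(ciphertext, now, waiting)

    def connect(self, member, now):
        self.purge(now)  # enforce the cap before delivering anything
        inbox = self.online.setdefault(member, [])
        for msg_id, p in list(self.pending.items()):
            if member in p.waiting:
                inbox.append(p.ciphertext)
                p.waiting.discard(member)
                if not p.waiting:
                    del self.pending[msg_id]  # last recipient served
        return inbox

    def disconnect(self, member):
        self.online.pop(member, None)

    def purge(self, now):
        """Delete anything older than the cap, delivered or not."""
        expired = [i for i, p in self.pending.items()
                   if now - p.stored_at >= MAX_RETENTION]
        for i in expired:
            del self.pending[i]
        return len(expired)
```

The relay only ever handles ciphertext; a real deployment would also run `purge` on a timer rather than only when a member connects.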
© Subrosa 2019. All Rights Reserved.