Big News From MWC: Rescue Supports More Android Devices Than Ever!

The LogMeIn crew is over in Barcelona this week at the Mobile World Congress and we have launched an updated Rescue application for Android devices that gives all Rescue + Mobile users new advanced support options for the most popular Samsung, HTC, Motorola and Sony Android devices shipping today.  With this new “Rescue + Mobile for Android” application, technical support agents can now use full remote control from their computer to Android devices.  This will give anyone who needs to support these devices the ability to remote control, diagnose, troubleshoot and fix all kinds of smartphones and tablets as if they were holding it in their hands.

For example, a support tech trying to fix the latest models of Samsung, Sony, HTC or Motorola smartphones simply needs to direct the user of that device to Google Play (formerly known as the Android Market) where they can download the “Rescue + Mobile for Android”  app.  Once the app is installed, the Rescue technician generates the 6-digit pin code to establish a remote connection.  The end-user is always in control as usual, and must give the technician permission before access is possible.Image

Within just the past few years, Android has become the dominant operating system worldwide.  Check out our infographic  for some examples of how Android has changed the landscape for professional support desks, technical call centers and IT departments.  Whether you’re a mobile operator, retailer of Android devices, or looking for the answer on how best to support millions of Android devices walking into the workplace, this is a must have!

You’ve been asking and we’ve been listening!  This new update, along with our support for iOS & Blackberry devices, means that LogMeIn Rescue now supports more devices, manufacturers and platforms than any other remote support product on the market. Visit our website for more information.

         

Technical deep dive: Cubby security and Cubby Locks

After our last blog post many of you asked for more details about the Cubby Locks feature. It’s challenging to explain Cubby Locks in a way that’s technically accurate yet still easy to consume. However, since Cubby Locks is a unique and powerful feature that helps set Cubby apart from similar services, we encourage you to take the time to understand what Cubby Locks is and what it isn’t.

The first key idea is to understand that data on the cloud in a locked cubby is encrypted and can only be decrypted by your Cubby password. With most similar services, a password is used to simply keep you in or out. That is, a password is used to determine if you have the right to access the service and your data. With most other services, your data on the cloud is not encrypted or encrypted with a key which is stored somewhere along the data. This means it can be exposed to a rogue employee of the storage service provider, or anyone who manages to bypass the password-protection layer or gain access due to an error in the application.

Cubby Locks

Cubby Locks utilizes some heavy-duty math to keep your data protected. Even a rogue employee or someone who manages to bypass password-protection would find your data useless without your exact password. And just to clarify a very important point: “Data” throughout this post refers to files at rest in the cloud.  Cubby Locks does not provide data encryption on your devices; it’s up to you to secure those. And to get another item out of the way: Data in flight (that is, being transferred between your devices and the cloud) is always transmitted over SSL/TLS with all cubbies, regardless of Cubby Locks.

First let’s look at how a standard cubby works – one that does not take advantage of Cubby Locks. In our data centers all files in all cubbies are stored in encrypted form using the AES-256 symmetric encryption algorithm. The key used for this is the Cubby Data Key (CDK) and is randomly generated for each new cubby. CDKs are stored in our database alongside with other properties of the cubby. When you log in to cubby.com, the web application fetches the CDK from the database and uses it for encrypting and decrypting your data when you upload or download files from your cubby. Like with most other services, your password gets you in to the web site but is not adding any extra encryption.

During your first login to Cubby a series of events happen. First we generate a symmetric key called the User Symmetric Key (USK). We encrypt the USK with your password and store it in an encrypted form (AES-256) in our database. Second, we generate a 4096-bit RSA key pair called the User RSA Key (URK). We encrypt the private part of the URK with the USK and store it. The public part of the URK is, as its name implies, stored in plain text. Both USK and URK are specific to and generated for the user account. If you are not familiar with asymmetric encryption, here’s the shortest possible introduction to asymmetric crypto: Anything encrypted with the public key can only be decrypted with the private key and vice versa.

Still with us? Now, let’s take a closer look at Cubby Locks. When you lock a cubby we encrypt the CDK with the public part of the URK, store it in this form and delete the plaintext CDK from the database. Remember that this CDK can only be decrypted with the private part of the URK. That’s all. Simple, right? Here is the chain of encryption at this point:

  • Your password –> USK –> URK –> CDK –> access Cubby data.

The items on the left side of any arrow are the key for the encryption, while the items on the right side of any arrow is data to be encrypted. So the arrow means “right side is encrypted with left side.”

What does this all mean? Every item in this chain is stored only in encrypted format in our database except for the password, which is not stored at all by us. In order to do anything with data one needs to unlock this chain, and that can’t be done without your password. That’s why we prompt you for your password so often, and this is why no one, not even a LogMeIn employee or a hacker, can read your data without knowledge of your password.

Finally, let’s discuss the so-called Recovery Key (RK). In practical terms, you use the Recovery Key when you forget your password and must reset it to something new. As discussed above, there is no way to access cloud data in a locked cubby without your password. Without the Recovery Key, the situation would be this: “Forget your password – lose your data on the cloud.”  That is, if you were to forget your password and reset it through the standard “email me a password reset link” mechanism, your locked cubbies would be deleted from the cloud and you would be forced to re-synchronize all your data. To users a chance of avoiding this, we generated a Recovery Key for your account when you access a locked cubby for the very first time; the Recovery Key is a cryptographically random 32-character alphanumeric string. We then encrypt the USK with this Recovery Key using AES-256. (Remember,  cubby.com at this point has your plaintext USK since you have just provided your password). So now we have two copies of the USK in the database, one encrypted with your password and the other encrypted with the Recovery Key. When you go through the forget password process and enter your Recovery Key, we use it to decrypt the USK, which is then re-encrypted with your newly created password. This way you can keep your data synchronized with the cloud even if it was in a locked cubby. There is only one Recovery Key per user, so we strongly encourage you to print it and keep it safe. The Recovery Key is stored in the database encrypted with the URK, so it’s only available for you to view online after you enter your password.

  • Recovery Key –> USK –> URK –> CDK –> access Cubby data. 
  • Your password –> USK –> URK –> Encrypted Recovery Key –> Recovery Key.

We should also clarify that there is a case when a Recovery Key will be generated for you even if you don’t lock a cubby yourself.  Namely, a Recovery Key will be generated for you when you are invited to a locked cubby or are the member of a cubby that gets locked by its owner.

In many cases there is a balance between security and ease of use. The more secure you want to keep your data the more complex the process gets. With Cubby Locks you get a solution that’s among the strongest security measures on the market, yet still provides a smooth user experience and ease-of-access to your data.

Thanks for sticking through this. We hope we managed to meet the challenge of making Cubby Locks clear.  We’ll be glad to clarify if you have any questions.  Don’t hesitate let us know what you think or what you find unclear.

— Sandor Palfy

Fellow, Development & Security

         

Officially Out of the Box: Cubby now generally available for your biz

Well, you did it. The Cubby beta attracted more users than any other in our company’s history. Over the past week we proudly peeled-back the “beta” label off our logo. Cubby is now official.

Over the past several months, we have read every comment and considered your input greatly. You told us where the bugs were (we squashed ‘em), you told us what you love (thanks!) and you told us how we can be better (we needed that). Many of you have been with us since April. And already, we’re hearing from consumers, professionals, teams and even entire businesses all over the world that they are adopting Cubby.

The great thing about Cubby is that it’s new and there’s still time to shape its future. So, whether you have a question or idea, we welcome you to visit us at help.cubby.com. The conversation, the innovation and the excitement continues.

Enjoy the now generally available, business version of Cubby.

The Cubby Team

         

Collaborate. Annotate.

Ever wish you could circle that word, highlight that line, or laser-focus on one part of your screen? Well, today you can. join.me pro now includes annotation for hosts and viewers, including drawing on the screen with a highlighter or pen, or focusing on a certain aspect of your screen with a laser pointer. You can choose up to six colors to annotate with, and we even offer collaborative annotation, where both the host and viewers can annotate at the same time. And don’t worry – you can save your annotations with the click of a button and access them at any time.

Watch the 90-second demo here:

If you have any questions, comments, or ideas on annotation, head on over to our help center where you can get answers, ask questions or submit ideas to make join.me better.

Don’t have join.me pro? Create your account today for a free, 14-day trial – no credit card required!