filip chytry

Interviewing Security Researcher Filip Chytry

Most people tend to roll their eyes when the subject of online security is brought up – that is until they experience a problem with their device or system first-hand.

In our first Interview-the-Expert series, we’re happy to have Filip Chytry, Product Manager at Avast Software, maker of the most trusted antivirus in the world, protects nearly 230 million people, computers and mobile devices with its security applications.

Hi Filip, please tell us a bit about yourself. What is your background, and how did you get into the information security field?

I studied at a technical high school called Applied Cybernetics, where I worked on a selection of different fields of study including robotics, networks and programming. During these years, I was already curious about security and was becoming increasingly passionate about the industry, trying to learn more about cyber crime and attempting to hack into my classmates‘ computers for fun.

I then applied to the Czech Technical University in Prague and during the first two months of my studies, I started working at Avast Software as a malware analyst. Avast is where my security career truly began. Over the course of my first few years at the company, I experimented with working on a variety of programs; since then, my focus has gradually shifted towards the mobile sphere.

Most recently, I've been managing a project at Avast that develops new security features and have simultaneously started my project, Seculu.com, to help improve the security of both individuals and businesses alike.

Many people think that security is a dull topic. I cannot tell you how many “not again” kind of expression we received. So, what exactly do you find interesting about security?

Most people tend to roll their eyes when the subject of online security is brought up – that is until they experience a problem with their device or system first-hand. These days, people very much underestimate security risks and their potential consequences. Have you seen those rainbow tables with most commonly used passwords? From my personal experience, I can tell you that there’s still a large number of people who continue to use them.

What I find interesting is the development of these types of social behaviours – studying them is almost like observing an advanced level of programming. When examining the actions of others, you’re forced to think like a bad guy and always try to be one step ahead of the curve.

I heard that during your free time, you do a little bit of “hacking” on the side, of course, for good reasons. Can you share some of the findings? What do you want to know when you hack an application?

The sole purpose of what I refer to “security auditing“ is to improve the security of the app or the system in question. This especially applies to mobile apps I use, since it can be unsettling to know that your personal data isn‘t being handled securely.

Take popular social networks, for instance -- these sites share a significant amount of personal data, but most people are largely unaware of the fact that their information is being shared. Additionally, some of the data is unencrypted, which allows for more substantial problems to arise.

So when I look into an app, I’m usually looking for connections, databases, data gathered by the app, and any potential security holes that would allow users to slip into the program’s inner communications.

Speaking of hacking, please tell us what are some of the ways black hat can hack into applications or systems with the intention to cause serious harm?

As a bad guy, you can approach attacks from different levels:

1) On the device

It is possible to look into poorly programmed apps using a device. Take the Nissan app that you’ve recently covered as an example. In general, certain apps have open back doors, allowing individuals to obtain information from other apps. Alternatively, the app could be gathering data itself and sending it over an unsecured path.

2) In transit

Every app or system tries to communicate with other systems or servers, and all of this traffic can easily be intercepted. On top of that, the traffic might be unencrypted, making it even more easily readable. Alternatively, it could simply be poorly encrypted, allowing anyone with a little bit of skill to figure out what‘s going on.

3) In the cloud or on the server

If you’re able to figure out how traffic works using the tools mentioned in the previous two steps, then it shouldn‘t be that difficult to send or gather information you want over the Cloud or on a server.

What do you think about government and legitimate businesses "spying" on the citizens and customers e.g. the recent scandal about the Deutsche Telekom?

Unfortunately, the scandal involving Deutsche Telekom is just the tip of the iceberg when it comes to cases like these. Mass data breaches are a worldwide problem, as is explicitly shown in this article. For each breach that we’ve uncovered, there are handfuls more that remain undiscovered.

On one hand, it is understandable that a certain kind of “spying“ is necessary for security reasons, but it is often abused to steal data or source code from companies. Even security companies are of interest to governments and hackers – recently, the U.S. government was found to be spying on a collection of antivirus companies, some of which are household names across the globe. It is a thin line that exists between spying for security reasons and spying for personal gain.

The biggest issue is that this area is still quite new, and we still lack laws to sufficiently and effectively regulate the system.

When we tell people that we are doing security, the first thing the majority of people ask if we are antivirus, which is the specialty of Avast, your current company. If you have to say one short sentence to distinguish antivirus and our solution, what is it?

TeskaLabs' solution prevents data being hacked and stolen during data transit and handles data in a secure way while antivirus software mainly protects devices against infections.

We are very happy to invite experts of their fields share their knowledge on topics they’re passionate about. Reach out to us by dropping an email to info@teskalabs.com or tweet to us at @TeskaLabs

~ Interviewed by Cindy Dam ~

About the Author

Cindy Dam

TeskaLabs’ Marketing & Community Manager, Cindy Dam, has a penchant for hacking and storytelling. When she's not reading and writing about cyber hacking, she reads, writes, and comes up with mind and travel hacks.


TurboCat.io

Data encryption tool for GDPR

More information


You Might Be Interested in Reading These Articles

Online Fraud Is Increasing - Is Business Intelligence the Answer?

With the year on year rise in ecommerce, there is a corresponding rise in online fraud - in fact, according to Financial Fraud Action UK, this type of activity had increased by a quarter to £399.5 million in the first half of 2016. The most recent manifestation of this is the concept of “testing” - this is where the criminals try small purchases to check the validity of card details, before moving in for the kill.

Continue reading ...

security

Published on July 04, 2017

5 Reasons Why Security Matters When You Want to Go Mobile

Security is an essential part of today’s modern world, especially with the rise of computers and mobile devices. No one questions whether data centers, servers, and computers should be secure, so why are there so many questions about mobile security? Mobile devices face the same security threats and are, sometimes more susceptible to them. It is time to make mobile security a priority.

Continue reading ...

mobile security

Published on June 23, 2015

Application Security Issues for HTML5-based Mobile Apps

HTML is no longer restricted to just websites. With its latest edition, HTML5, the markup language family has now become a popular choice for mobile applications. After gathering the relevant data and researching, Gartner predicted two things; firstly, HTML5 would be the most commonly used language for mobile applications in 2015 and secondly, HTML5-based hybrid mobile app using technologies such as PhoneGap, Codova or React Native reach up to be 50% of all mobile apps 2016.

Continue reading ...

mobile security

Published on March 01, 2016