Slashdot Mirror


Secure Communication Comes To Android

An anonymous reader writes "Forbes is reporting that Moxie Marlinspike and Stuart Anderson's startup, Whisper Systems, has released a public beta of two Android applications that provide encrypted call and SMS capabilities for your Android phone. In the wake of recent GSM attacks, it'll be interesting to see if smartphones end up providing a platform that fundamentally changes the security we can expect from mobile communication."

33 of 150 comments

  1. Sure it will by d1r3lnd · · Score: 2, Funny

    Just like encrypted email! Everyone uses that...

    1. Re:Sure it will by DrSkwid · · Score: 2, Informative

      lol, I thought I was about to prove you wrong because I had STARTTLS enabled on our incoming mail server and was surprised to find remote MTAs using it as I'd turned it on to protect our users' outgoing mail authentication.

      $ telnet mx1.hotmail.com 25
      Trying 65.55.37.120...
      Connected to mx1.hotmail.com.
      Escape character is '^]'.
      220 col0-mc4-f34.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Tue, 25 May 2010 16:00:36 -0700
      helo fuckface
      250 col0-mc4-f34.Col0.hotmail.com (3.10.0.73) Hello [85.189.31.174]
      starttls
      554 Unable to initialize security subsystem
      ^]

      $ telnet gmail-smtp-in.l.google.com 25
      Trying 209.85.229.27...
      Connected to gmail-smtp-in.l.google.com.
      Escape character is '^]'.
      220 mx.google.com ESMTP s4si17050707wbc.88
      helo fuzznuts
      250 mx.google.com at your service
      starttls
      502 5.5.1 Unrecognized command. s4si17050707wbc.88
      ^]

      At least someone is security conscious; this is Fastmail's SMTP, now owned by Opera:

      % telnet in1.smtp.messagingengine.com 25
      Trying 66.111.4.72...
      Connected to in1.smtp.messagingengine.com.
      Escape character is '^]'.
      220 mx3.messagingengine.com ESMTP . No UCE permitted.
      helo opera
      250 mx3.messagingengine.com
      starttls
      220 2.0.0 Ready to start TLS
      ^]

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    2. Re:Sure it will by icebraining · · Score: 3, Informative

      TLS encryption only protects from the client to the server; you have no guarantees about the security of the server-to-server connection, nor of the POP/IMAP server to the receiving client. Only message encryption with an OpenPGP implementation or similar can offer that.

      Gmail may not support STARTTLS, but it supports IMAPS, and uses HTTPS by default in the webmail.

    3. Re:Sure it will by rthille · · Score: 3, Informative

      Try a valid ehlo, rather than a bogus 'helo fuckface'. Some mail servers won't bother to honor starttls unless they are talking to a conforming server.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
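
Added example (editor's code, not from any of the posters above and not Whisper Systems'): the probe DrSkwid typed by hand, done the way rthille suggests, with an ESMTP EHLO instead of a bare HELO, and the EHLO capability list parsed instead of eyeballed. So that it runs offline it talks to a constructed loopback MTA that behaves like the transcripts (STARTTLS advertised and accepted only after EHLO, 502 after HELO); the host names, banner and reply strings of that fake server are assumptions. Point probeStartTLS at a real host:25 to check an actual MX.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/textproto"
	"strings"
)

// fakeMTA is a constructed stand-in for a real MX (an assumption of this example) that
// mimics the transcripts: STARTTLS is offered and accepted only after an ESMTP EHLO.
func fakeMTA(conn net.Conn) {
	defer conn.Close()
	r := bufio.NewReader(conn)
	reply := func(s string) { fmt.Fprintf(conn, "%s\r\n", s) }
	reply("220 mx.example.test ESMTP")
	esmtp := false
	for {
		line, err := r.ReadString('\n')
		if err != nil {
			return
		}
		cmd, _, _ := strings.Cut(strings.TrimSpace(line), " ")
		switch strings.ToUpper(cmd) {
		case "HELO":
			esmtp = false
			reply("250 mx.example.test")
		case "EHLO":
			esmtp = true
			reply("250-mx.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME")
		case "STARTTLS":
			if esmtp {
				reply("220 2.0.0 Ready to start TLS")
				return // a real MTA would now run the TLS handshake
			}
			reply("502 5.5.1 Unrecognized command")
		case "QUIT":
			reply("221 2.0.0 Bye")
			return
		default:
			reply("500 5.5.1 Command unrecognized")
		}
	}
}

// startFakeMTA serves fakeMTA on a loopback port until stop is called.
func startFakeMTA() (addr string, stop func()) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go fakeMTA(c)
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }
}

type ProbeResult struct {
	Advertised bool // STARTTLS appeared in the EHLO capability list
	Code       int  // reply code to an actual STARTTLS command
}

// probeStartTLS greets the MX with EHLO (or HELO, to reproduce the mistake in
// the transcripts) and reports whether STARTTLS is offered and accepted.
func probeStartTLS(addr string, useEHLO bool) (res ProbeResult, err error) {
	conn, err := net.Dial("tcp", addr)
	if err != nil {
		return res, err
	}
	tc := textproto.NewConn(conn)
	defer tc.Close()
	// cmd sends one command and returns the (possibly multi-line) reply.
	cmd := func(format string, args ...any) (int, string, error) {
		if _, err := tc.Cmd(format, args...); err != nil {
			return 0, "", err
		}
		return tc.ReadResponse(-1) // -1: hand back any code instead of erroring
	}
	if _, _, err = tc.ReadResponse(220); err != nil {
		return res, err
	}
	greeting := map[bool]string{false: "HELO", true: "EHLO"}[useEHLO]
	code, msg, err := cmd("%s probe.example.test", greeting)
	if err != nil || code != 250 {
		return res, fmt.Errorf("%s failed: %d %q %v", greeting, code, msg, err)
	}
	// Reply lines come back joined by "\n": server name first, then one ESMTP keyword per line (none after a plain HELO).
	for _, kw := range strings.Split(msg, "\n")[1:] {
		if strings.EqualFold(strings.TrimSpace(kw), "STARTTLS") {
			res.Advertised = true
		}
	}
	res.Code, _, err = cmd("STARTTLS")
	cmd("QUIT") // best effort: after a 220 the server is already handing off to TLS
	return res, err
}
```

Two caveats a practitioner would add to DrSkwid's result: a server that advertises STARTTLS is only offering opportunistic encryption (the sending MTA may still fall back to cleartext if the handshake fails), and MX-to-MX STARTTLS traditionally does not verify the certificate, so it stops passive sniffing, not an active man in the middle, which is the gap icebraining points at.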
    4. Re:Sure it will by sznupi · · Score: 3, Informative

      Plus we can look at the impact of the availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones).

      Oh, nobody was aware of its availability? Exactly...

      --
      One that hath name thou can not otter
    5. Re:Sure it will by phantomcircuit · · Score: 2, Informative

      More importantly gmail does not support S/MIME, which is the widely supported signing/encryption mechanism for email. (although basically nobody uses it).

  2. Less useful by Darkness404 · · Score: 3, Informative

    While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Less useful by stephanruby · · Score: 4, Interesting

      While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.

      These apps may not be useful to *you*, but they will certainly be useful to governments, a few companies, and some of the more vigilant/paranoid tin-foil hat wearers among us. In any case, what we need is a free open source solution that does encryption.

      The number of Android users is not that big right now, but Android is coming very fast from behind, and with Google taking 0% of the commissions from their Market/App stores (leaving the entire 30% in perpetuity to the carriers/phone makers), I speculate that Android will really become the #1 dominant platform eventually.

    2. Re:Less useful by Civil_Disobedient · · Score: 5, Funny

      Uh, so?

      You know, telephones aren't terribly useful, either. Because the person on the other end has to have a phone as well. Completely impractical compared to yelling.

    3. Re:Less useful by PopeRatzo · · Score: 5, Funny

      Ok, how many people do you know that have Android phones?

      Me, my wife, and my daughter.

      The reed player in my band (the other three players have iPhones or non-smart phones).

      I was at a school board meeting earlier in the month and the soccer mom sitting next to me had a Droid. The kid who lives next door and who has bragged to me that he owns an Xbox, a PS3 and a Wii has an HTC android phone. He says "iPhones are for pussies".

      I passed that last part along for informational purposes only. I do not endorse that sentiment in any way, mostly because I wouldn't want some offended iPhone user to give me such a slap.

      --
      You are welcome on my lawn.
  3. Re:Slashdotter's rejoice! by MichaelSmith · · Score: 3, Insightful

    Well okay, but say you are in Iran or Thailand and you want to organize an action against your government. Secure mobile communications would be pretty handy for that.

  4. What I'd like to see (a PGP/gpg variant). by Anonymous Coward · · Score: 3, Interesting

    What I would like to see is a PGP/gpg utility for Android. The closest I can get to this is cross-compiling a statically linked gpg binary for ARM and running that in a terminal.

  5. We'll know it's pretty good when it's outlawed by bzzfzz · · Score: 4, Interesting

    We'll know it's at least OK if the FBI and CIA start lobbying congress to outlaw it.

    We'll know it's pretty good if the NSA starts lobbying congress to outlaw it.

    The government is absolutely convinced that law enforcement will come to a screeching halt if people can communicate casually without being subject to eavesdropping. This despite the courts' general distaste for such evidence (people rarely speak candidly in phone conversations regarding criminal enterprises and therefore establishing context and the meaning of codewords becomes a prosecutorial hurdle), and the paucity of successful prosecutions built primarily on the strength of intercepts.

    So we've had cryptography treated as a munition. And Clipper. And CALEA.

    Of course, if the keys are on a server somewhere they can always just subpoena them.

    1. Re:We'll know it's pretty good when it's outlawed by e9th · · Score: 3, Informative

      As far as I know, the Justice Department's position hasn't changed much since this 1998 policy FAQ.

      Anyone have any later statements from them?

  6. Re:Slashdotter's rejoice! by alx5000 · · Score: 3, Insightful

    Well, okay, but say you are the government of Iran or Thailand and you don't want anyone to organize anything against you. Outlawing secure mobile communications would be pretty handy for that.

    Yes, your message is secure, but without some kind of steganographic method, the fact that you're using encryption is not. And neither are you, for that matter.

    --
    My 0.02 cents
  7. the solution is Klingon by MoFoQ · · Score: 3, Funny

    it just reminds me that I really need to start speaking in Klingon more frequently.

    1. Re:the solution is Klingon by biryokumaru · · Score: 3, Funny

      I've been using Romulan for years and no one's been able to crack it yet.

      Jolan tru!

      --
      When you're afraid to download music illegally in your own home, then the terrorists have won!
    2. Re:the solution is Klingon by Bugamn · · Score: 2, Informative

      I use Vogon poetry. They may even eavesdrop, but they will soon wish they hadn't.

  8. Re:Disappointed that they released w/o source code by phantomcircuit · · Score: 2, Funny

    Probably removing all the colorful comments :P

  9. "Encrypted call" is misleading by Coward+Anonymous · · Score: 4, Insightful

    It's a VOIP app that encrypts the audio. Except for the fact that the protocol itself is documented, this is not materially different from Skype, which is also encrypted and has governments apparently scrambling to crack it.
    A truly revolutionary app would encrypt the phone's mobile call audio.

    1. Re:"Encrypted call" is misleading by Anonymous Coward · · Score: 3, Informative

      You said:

      Except for the fact that the protocol itself is documented, this is not materially different from Skype, which is also encrypted and has governments apparently scrambling to crack it.
      A truly revolutionary app would encrypt the phone's mobile call audio.

      TFA says:

      Whisper Systems' apps aren't the first to bring encrypted VoIP to smartphones. But apps like Skype and Vonage don't publish their source code, leaving the rigor of their security largely a matter of speculation. Marlinspike argues that because those apps interface with the traditional telephone network, they may also be subject to the Communications Assistance for Law Enforcement Act, (CALEA) which requires companies to build backdoors into their technologies for law enforcement wiretaps.

    2. Re:"Encrypted call" is misleading by Anonymous Coward · · Score: 2, Informative

      For the same reason you don't see apps that record calls (Google Voice does somewhat, but is not doing so in the phone) you'll never see an app which encrypts the phone call. It's just not possible to route the audio through the processor of these phones. Therefore it truly _would be_ revolutionary, since it's impossible by design.

    3. Re:"Encrypted call" is misleading by Loualbano2 · · Score: 2, Informative

      A product like that came out a long time ago.

      http://www.pgpi.org/products/pgpfone/

      I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.

      ft

    4. Re:"Encrypted call" is misleading by yyxx · · Score: 2, Insightful

      Trying to re-assemble information after being passed through a lossy pipe is hard.

      It's called a "modem". We have had those things for years. You could treat cell phone audio like a lossy analog channel and run a robust modem over it. But what's the point?

      If you want something that sounds speech-like, that's not a lot harder.

  10. Open standard. by Ungrounded+Lightning · · Score: 3, Interesting

    ... these apps aren't that useful because the other caller would have to be using the same software for it to work ...

    From TFA:

    Marlinspike says the apps will interface with users' contact lists and other functions on the phone to take the hassle out of making calls and sending texts that can't be eavesdropped by third parties. ...

    RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption. ... [Similarly for the SMS system.]

    Looks to me like the product uses defacto-standard encrypted communication tools and integrates them with the phonebook to make their use automatic when calling a contact with whom you can have an encrypted conversation.

    So it looks to me like your encrypted communications wouldn't be limited to people using the same android app. You could talk to anybody using the same underlying "standard" scheme.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  11. Re:Disappointed that they released w/o source code by Ungrounded+Lightning · · Score: 4, Informative

    What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, ...

    Public key encryption is crunch intensive - even in the good direction. (It's "effectively impossible" in the "bad" direction, which is the whole point.) Too crunch intensive to be practical when encrypting streams, even with current fast processors.

    So it's usually used to generate and exchange a "session key" (and perhaps periodically replace it with a new one) for a symmetric cypher that takes less crunch and is "secure enough" if the amount of material it encrypts is limited.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  12. Re:Slashdotter's rejoice! by penguinchris · · Score: 3, Informative

    Just a small comment, I don't think you can group Thailand with Iran when it comes to restricting/monitoring communications. They do block websites (trivial to get around if you want to) but they don't block dissent against the government in any way, and I'm guessing they monitor it less than the NSA monitors US citizens.

    And that's beside the fact that you can get pre-paid mobile phones for the equivalent of $10 in cash with very cheap add-on minutes (also pay for those in cash) which for all practical purposes are untraceable, because if you're paranoid you can switch them around or whatever.

    I'm defending Thailand because the foreign press has distorted what happened there recently quite a bit. It's nothing like Iran. People are free to protest the government, despite what it may seem after the violence recently in Bangkok.

  13. Re:Disappointed that they released w/o source code by cool_arrow · · Score: 2, Informative

    If I recall correctly zrtp generates ephemeral "one time use" keys via Diffie Hellman key exchange. After the session, the keys are discarded. Also asymmetric encryption is used all the time with PGP/openGPG. I generate a key and encrypt a message to you using relatively speedy symmetric encryption, and then encrypt that key asymmetrically with your public key. I send you the bundled up pgp package. You decrypt the symmetric key with your private key and then decrypt my message. Of course the pgp protocol takes care of the details. At least that's how I think it works anyway.
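
Added example (editor's code, not Whisper Systems' and not the ZRTP or PGP implementation) of the session-key pattern the two comments above describe: the expensive public-key step runs once per call as an ephemeral Diffie-Hellman exchange (X25519), the shared secret is stretched with HKDF into an AES-256-GCM key, and that symmetric key encrypts the actual stream. It shows the ephemeral-DH flavour cool_arrow attributes to ZRTP rather than PGP's wrap-a-random-key-under-the-recipient's-public-key flavour. The "example-call-key" label, the party names and the short authentication string construction are illustrative assumptions; the SAS here is a simplified stand-in for ZRTP's, not its exact derivation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// hkdfSHA256 is HKDF (RFC 5869) over SHA-256, spelled out so only the standard library is needed.
func hkdfSHA256(ikm, salt, info []byte, n int) []byte {
	if salt == nil {
		salt = make([]byte, sha256.Size)
	}
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil) // extract
	var out, prev []byte
	for i := byte(1); len(out) < n; i++ { // expand
		exp := hmac.New(sha256.New, prk)
		exp.Write(prev)
		exp.Write(info)
		exp.Write([]byte{i})
		prev = exp.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// Party is one end of a call holding an ephemeral X25519 key pair. The private key
// lives only for this session, so a recording cannot be decrypted later if a long-term key leaks.
type Party struct{ priv *ecdh.PrivateKey }

func NewParty() (*Party, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: k}, nil
}

// PublicBytes is the only thing a Party sends over the wire (32 bytes).
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey does the expensive public-key step once: X25519 with the peer's public value,
// then HKDF to a 32-byte AES-256 key bound to both public values (same order on both sides).
func (p *Party) SessionKey(peerPub, initiatorPub, responderPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	info := append(append([]byte("example-call-key:"), initiatorPub...), responderPub...)
	return hkdfSHA256(shared, nil, info, 32), nil
}

// SAS is a short authentication string the callers read to each other: a man in the middle
// who ran a separate DH with each end holds two different keys, so the strings differ.
// (Simplified stand-in for ZRTP's SAS, not its exact construction.)
func SAS(key []byte) string {
	return hex.EncodeToString(hkdfSHA256(key, nil, []byte("sas"), 2))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one frame with AES-256-GCM, random nonce prefixed. A fresh key per call keeps
// random nonces safe; a long-lived key would need a counter nonce to rule out reuse.
func Seal(key, frame []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, frame, nil), nil
}

// Open reverses Seal and fails on any modification of ciphertext or tag.
func Open(key, box []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(box) < gcm.NonceSize() {
		return nil, errors.Join(err, errors.New("bad key or ciphertext too short"))
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}
```

The exchange itself is two 32-byte values each way; everything after that is symmetric. The check that matters is the one bare DH does not give you: the exchange is unauthenticated, so either the callers compare the SAS out loud before trusting the session, or the exchange has to be bound to a long-term key they already trust.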

  14. Re:Slashdotter's rejoice! by Sir_Lewk · · Score: 3, Funny

    Use your imagination. It is extremely trivial to make encrypted data look like text. Hell, you can even make it look statistically like english. You'd have that character limit thing to worry about, but I believe most phones these days "get around that" by transparently using multiple messages at once.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  15. Re:Slashdotter's rejoice! by sznupi · · Score: 2

    I believe it's either encrypted or looking statistically like text / english. "Texting language" might be of some considerable help, plus perhaps whole words of "texting" used as substitutes for symbols...but that still should be fairly trivial to filter (starting with messages of ungodly length)

    --
    One that hath name thou can not otter
  16. Why Not Use TOR As Well? by no1home · · Score: 2, Interesting

    Since it's going out as a VOIP call, why not route it via TOR? Yes, it would likely slow down the talking a bit (great, I could finally take notes while still keeping up with the conversation), but it would make it that much more difficult to track down the caller and/or recipient. Might also work for the SMS if it's using an Internet-based route instead of the actual cell system SMS.

    --
    I hope this comment is well received... I could have moderated instead!

    Persecutors will be violated!
  17. Re:Slashdotter's rejoice! by sznupi · · Score: 2, Insightful

    Really repressive governments are very skilled in the techniques of rubber-hose cryptanalysis (well, some of the formally not-repressive ones also are, as long as they can put the encrypted data being analysed in a legal limbo)

    --
    One that hath name thou can not otter
  18. Re:Slashdotter's rejoice! by Sir_Lewk · · Score: 2, Informative

    Sorry, should have looked a bit more before posting:

    http://www.nicetext.com/

    Far more relevant link. In particular, note the papers listed in the left column.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)