Slashdot Mirror
Phil Zimmermann's New App Protects Smartphones From Prying Ears
Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."
for those of us who prize our anonymity. I do hope they'll take Bitcoin for the $20/month they charge.
Beware of strangers bearing gifts. . .
RedPhone was a decent encrypted voice call tool. It was always beta and eventually stopped working. (Servers pulled, as was the app).
I believe Phil Z was also the author of RedPhone.
Sad to see such a restrictive pricing model for the new "solution".
There is no way on this fucking EARTH the powers that be ( read that governments ) are going to let anything tarnish the holy grail of surveillance tech that people stand in line for weeks to buy of their own accord.
Birthers will recind their claim against Obama, Dawkins will get Baptised, and Ron Paul elected president before this will happen.
Rest assured, if it DOES, it is with full blessings of the aforementioned governments.
Why would a government wiretapper need to intercept your phone call? Wouldn't they just mandate that your provider give them access to your device to record anything going to your mic? In fact, this would minimize the amount of audio they'd have to sift through...If Silent Circle call, then record audio from mic.
Might I remind people that cell phones are tracking devices.
1. Modems should not communicate with cell towers until calls are made .001 cent a mac address. You wouldn't be stealing service since that has to be activated with a prepaid card.
a. There is no way to receive incoming calls anonymously and not be tracked given the design of cellular communications networks.
b. Solution to this is to not receive calls or:
b1. Set it up so that phones use data-only prepaid phone 'cards' and open the modem up to 'mac address spoofing'. This is illegal although I bet there is a way it could be done legally. If a company 'owns' a certain segment of MACs then they should sell them.
b2. Connect to an onion server on Tor. This server could be private and host your text messages. The way the call would be received would be through automatically being turned on every 15 – 60 minutes and pulling text messages from an encrypted onion on Tor or similar system. A system of 'informing' a device when to turn on in order to receive a call could also be designed. This would reduce the opportunity for tracking and users could still 'receive calls' although not in real time. It would only be at certain times.
If you trust closed source security software... good luck.
I doubt it. Our apple overlords will categorise this as 'Undesirable' as it allows their phone users to communicate in ways that they want
It's funny how so many things people seem to doubt Apple would ever approve, actually get approved. Like for instance a virtualized burner phone, an app that provides you a temporary number lasting a week or as long as you see fit.
There's already a ton of precedent for Apple to approve something like Silent Circle, and a ton of people like yourself in the dustbin of failed predictions claiming Apple will not accept product X because, well, Apple.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If you want complete failsafe encryption, the two devices must either be physically connected by wire, or else must broadcast wirelessly directly to eachother, with no repeater or any other physical device not under the complete control of either endpoint in between them.
Protocols can be devised in such systems which are completely eavesdrop tolerant, such that even if eavesdropping did occur, it would be indecipherable, even if one were to try to listen to the entire communication, including the protocol setup itself, it would sound like undecipherable gibberish right from the moment that the encryption began.
Such protocols can be vulnerable to MitM attacks, but that is why they are really only reliable as encryption when the communication is not subjected to any routing.
File under 'M' for 'Manic ranting'
Even if Silent Circle is secure, that doesn't mean that the cell phone is secure. The safest mobile innernet device is probably an iPod Touch.
There are no trails. There are no trees out here.
Wouldn't they just mandate that your provider give them access to your device to record anything going to your mic?
Why all the high-tech twists when if they really cared they'd just bug the rooms in the places you hung out in most often?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Given iOS has no APIs for making phone calls without involving the dialler or sending SMSes without invoking Messages, this app would have to be entirely self-contained. Effectively, it's a VoIP phone app that does SMS and MMS, just offering strong encryption.
And there are plenty of VoIP phone apps on iOS. As are private network "free" texting type apps. This is nothing special other than offering encryption.
So in the end, it's just another VoIP app, or "free texting" app, of which there are tons. Like say, Skype.
"off-shore"?
Are the people starting to realize that the enemy is within?
"Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides the illusion of industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS.
There, fixed it for you.
Does anyone really think any application that is layered on top of IOS is free from interception? Everything is an API, all hidden away, and as much as I love Apple, there is no way in hell I would trust any application running on that device to be free from covert interception(keyboard, voice, you name it). I'm not saying that app doesn't encrypt and do all the right things when transmitting over a network, but I'm going to assume everything is compromised locally on the phone.
And not to be a tin foil hatter, but really, who pays for this stuff and paid these guys salaries in the past anyways (hint, it was your famous uncle).
If rebels fighting for a good cause can use this to their advantage, so can the terrorists.
I wish I lived in a world where there were no need to encrypt anything.
How are you going to handle NAT traversal without a central server? Read up on the ZTRP protocol. The server is just a dumb relay, passing encrypted bits back and forth. The keys live on the devices, so the server couldn't decrypt the data even if it wanted to.
While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls.
There are already several solutions out there for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple supports ZRTP for key exchange (or 'of course' a free, open-source ...)
However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON) and there are many papers on the topic of data-over-GSM-voice), but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.
On the SMS front, there is already TextSecure for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).
So similar to the set of services that the Serval Project (my current employer) is aiming to deliver? But it costs $20 a month, and it only works when you have a viable internet connection to their servers?
When the Serval product set grows to include an internet directory service, I'm certain we'll be able to run it for less than $20 a month. Probably for less than $20 a year.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
The PGP documentation files were the first hands-on documentation for encryption I read that actually got it right. They are still among the few today. Most texts either get the crypto wrong or the environment or the procedures on how to use the thing. These did not.
Of course, PGP went through some refactoring and design changes, but the basic code was sound. If he manages to achieve this with this new product, it will be the only one on the market that this can be said for. Basically all others are buggy, badly designed, insecure because of fundamental misunderstandings or easy to make user errors, etc. Of course, careful review is still required, but this product should be worth the effort.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Reading the title I thought this was about some quack who made an app that 'prevents' you from the electromagnetic radiation while calling. Then I read the blurb and I thought: what has this to do with encryption? Then I saw that the title said Prying ears, not Frying ears. Aha!
-- Cheers!
Protocols can be devised in such systems which are completely eavesdrop tolerant, such that even if eavesdropping did occur, it would be indecipherable, even if one were to try to listen to the entire communication, including the protocol setup itself, it would sound like undecipherable gibberish right from the moment that the encryption began.
Such protocols can be vulnerable to MitM attacks, but that is why they are really only reliable as encryption when the communication is not subjected to any routing.
The criteria you give are accurate for key agreement in the absence of a preexisting trust anchor, such as the classic Diffie-Hellman key exchange protocol. However, once a trust anchor is established — for example, by meeting and agreeing on a shared secret or verifying one another's public keys in person — that shared secret or known-good public key can be used for authenticating or verifying digital signatures on messages that arrive over an untrusted communication path.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
"There's already a ton of precedent for Apple to approve something like"
"ton of precedent"
and
"something like"
Really give away your lack of confidence in your own argument. Let me state something so you can see the difference.
"The application WILL be approved for sale on Android, that is inevitable as day follows night."
There, and that's why Apple will ultimately fail. Because even the fanboys don't have confidence in Apple making the decision they think is right.
"For encryption tools, which are frequently used by dissidents living under repressive regimes..."
So are the UK and the US established, or emerging markets?
The company is US-based. No matter how renowned the makers of this software are, under the Patriot Act they can be forced to secretely put backdoors into their apps and never tell anyone. For this reason alone the encryption is worthless, and possibly even dangerous for companies outside the USA that have to guard trade secrets.
They're not using secure email. They're using Gmail to send PDFs.
Isn't Gmail using SSL to send and receive mail? Isn't that secure enough?
Slashdot, fix the reply notifications... You won't get away with it...
On Android or iOS?
I don't think people understand the definition of secure, then. Before you start worrying about your messages being secure after they leave the device, you should be concerned with the security of the device itself. It's pretty widely accepted by those in the know that Android and iOS are effectively trojans (and/or can easily be compromised if you still believe the OS itself is secure) for spooks of all sorts. If a message absolutely, positively has to be secure, it should never touch a device capable of connecting to an "internet" of any kind.
".....They're in a hotel in the Middle East"
That's plain stereotypical and frankly quite offending.. The "Middle East" - which mind you consists of several countries cultures and races - is not all bad, and certainly this case can be applied to any country, and many hotels in all them countries.
Since when did the carriers start allowing the core voice stream to be altered? AFAIK, every single carrier prevents smartphone manufacturers from being able to access that part of the phone's functionality (they can initiate calls etc but cannot muck with the actual data)
NSA has approved an Android phone for use by government officials to make TOP SECRET calls. link: http://www.theverge.com/2012/3/2/2838729/nsa-project-fishbowl-secure-android-devices-network
It is doubly encrypted with the VOIP server sitting inside Ft. Meade (where the second level of crypto gets added). So, if NSA is doing this, then it is fully possible to get secure calls over traditional cell networks. Of course, they have access to all the hardware and have made modifications there as well. And, of course, their server in Ft. Meade won't be usable by us mere mortals (nor will their encryption algorithms which are Type I classified algorithms).
As mentionned on their website.
I have found in my own limited use of cryptography code that I was entirely unsure if I were using it correctly or as intended, owing to a completely new lingo used for everything, which was nowhere bound to a comprehensive explanation of what it meant, why it was needed, and what practices should be avoided.
I came off thinking the big advance would be to avoid sending out under-documented code in the first place. The average user is not a cryptologist, but a vanilla coder-of-things, and to avoid heartache at the user level, these coders must find the libraries straightforward.
tone
Show us where P.Z. ever said this would be "completely secure". Such a claim is the hallmark of snake oil, as described at http://www.philzimmermann.com/EN/essays/SnakeOil.html
Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
And how many seemingly innocuous apps are denied, when we would predict they should be fine?
None that I know of. I provided a link with an example, funny you cannot do the same.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"The application WILL be approved for sale on Android, that is inevitable as day follows night."
And also on iOS. I just have to help people understand why it is so certain, because people like you like to raise doubts where none rightfully exist.
Since Google has also pulled apps from the Android app store, you have no greater certainly that it will stay than on iOS.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Presumably the one-to-one voice calls will use ZRTP for end to end encryption. How will they support end-to-end encryption (which is the assumption here) for multi-party voice and video conferences?
Last I checked, *useable* multi-party video/voice requires heavy muxing server side, moreover, last I checked, homomorphic encryption isn't quite up to the task of RT audio/video processing.
So, really, aisde from some generic OTR and ZRTP wrapped in a turn-key bundle, their conference solution will be competing with Skype, Google Hangout, Netmeeting, Cisco Telepresence, WebEx, etc.
Unless of course he has some futuristic science up his sleeve.
Google: "site:techdirt.com apple arbitrary"
Well you could do that if you wanted to end up with a lot of out of date and incorrect information. But that's close enough for an Apple Hater!!
http://downloadsquad.switched.com/2009/04/24/crudebox-becomes-prudebox-to-make-it-into-the-app-store/
The link even says it's in the App Store. Next!
http://almerica.blogspot.ca/2008/09/podcaster-rejeceted-because-it.html
http://news.cnet.com/8301-17939_109-10042127-2.html?part=rss&subj=news&tag=2547-1_3-0-20
Podcaster is in the App Store.
http://forum.nin.com/bb/read.php?59,651569
http://www.escapistmagazine.com/news/view/91508-Apple-Blocks-Obscene-Newsreader-Apphttp://www.escapistmagazine.com/news/view/91508-Apple-Blocks-Obscene-Newsreader-App
Apple is very clear they do not allow obscene/pornographic content in the app store (this is not an arbitrary rule):
"Applications must not contain any obscene, pornographic, offensive or defamatory content "
http://www.guardian.co.uk/technology/blog/2009/may/21/apple-iphone
Apple is in fact Allowing Kama Sutra on the app store.
http://www.wired.com/gadgetlab/2008/09/apple-imposes-n/
This article was not correct even way back in 2008 when it was posted.
http://www.gamasutra.com/view/news/36946/Interview_Molleindustria_On_Phone_Storys_Objectionable_Message.php
Prohibiting child abuse in an app is not an "arbitrary" policy.
SInce you can't even be arsed to check a lint you copy from Google, I see no reason to read anything further from you or to respond again. As such you may have the last most and copy blindly from Google all the outdated links you like.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In this kind of product, the only way to have Easy to use with security if you trust in your server, because security need steps not used by open communications.
For example, the most common problem we have is the user authentication, that if not well implemented, will let the man-in-the-middle attack.
Skype has a good security when the client communicates with the server, but in the server the privacy is broken.
If your client uses RSA for authentication, we will need a protocol to secure the keys, very complicated for beginners.
I think in this case the easy to use is you trusting in the provider, but this "Easy to use" will allow the provider break your security.
For these reasons, I designed a secure voice encryption product to be launched for android next month that is "Easy to Use", but will deploy an option for our clients acquiring and configuring their servers, and each server will be under control of our users. All authentication keys are generated by our clients.
This is the only way we can deploy a good product with ecurity and "Easy to use".
Next month you will be able to download it in Android Market.