Slashdot Mirror
Phil Zimmermann's New App Protects Smartphones From Prying Ears
Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."
for those of us who prize our anonymity. I do hope they'll take Bitcoin for the $20/month they charge.
I doubt it. Our apple overlords will categorise this as 'Undesirable' as it allows their phone users to communicate in ways that they want
It's funny how so many things people seem to doubt Apple would ever approve, actually get approved. Like for instance a virtualized burner phone, an app that provides you a temporary number lasting a week or as long as you see fit.
There's already a ton of precedent for Apple to approve something like Silent Circle, and a ton of people like yourself in the dustbin of failed predictions claiming Apple will not accept product X because, well, Apple.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Given iOS has no APIs for making phone calls without involving the dialler or sending SMSes without invoking Messages, this app would have to be entirely self-contained. Effectively, it's a VoIP phone app that does SMS and MMS, just offering strong encryption.
And there are plenty of VoIP phone apps on iOS. As are private network "free" texting type apps. This is nothing special other than offering encryption.
So in the end, it's just another VoIP app, or "free texting" app, of which there are tons. Like say, Skype.
This isn't Zimmerman's first time around the block. His Zrtp protocol for SIP (VOIP) security includes Short Authentications Strings which can be communicated by voice or even out of channel, as well as shared secrets from previous connections. These offer reasonable protection against man in the middle attacks.
"Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides the illusion of industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS.
There, fixed it for you.
Does anyone really think any application that is layered on top of IOS is free from interception? Everything is an API, all hidden away, and as much as I love Apple, there is no way in hell I would trust any application running on that device to be free from covert interception(keyboard, voice, you name it). I'm not saying that app doesn't encrypt and do all the right things when transmitting over a network, but I'm going to assume everything is compromised locally on the phone.
And not to be a tin foil hatter, but really, who pays for this stuff and paid these guys salaries in the past anyways (hint, it was your famous uncle).
If you trust closed source security software... good luck.
Indeed. After Dave Schroeder, a Navy Information Warfare Officer[1], recently gave me Vint Cerf's email address, I posited in a 35 page manifesto[2] that ssh + IPv6 + gstreamer would make a good open source encrypted video network phone solution. Of course I haven't actually tried it, and no doubt the performance would initially suck. But I imagine a week of tuning parameters and you'd have something usable (when need dictates). And in a year if it caught on, I'm sure the performance would probably become excellent. Of course, it kind of helps to have a 'network neutral'(my definition as per manifesto) broadband connection and an IPv6 'server' process listening on your device for incoming connection requests (a.k.a. phone calls). In any event, interesting to see this slashdot article a couple days later.
[1]
http://news.slashdot.org/comments.pl?sid=3156485&cid=41516877
http://news.slashdot.org/comments.pl?sid=3156485&cid=41530745
[2]
http://cloudsession.com/dawg/downloads/misc/kag-draft-2k121007.pdf
http://cloudsession.com/dawg/downloads/misc/kag-draft-2k121007.txt
http://cloudsession.com/dawg/downloads/misc/kag-draft-2k121001.pdf
http://cloudsession.com/dawg/downloads/misc/kag-draft-2k121001.txt
The phone gives you movement, address books, links to others, the home computer - its everything any LEO has wanted over the electronic generation - ... federal political leaders get a heads up on terms of interest from around the world. ... then for closed court voice recordings.. ...
A beacon, trap and trace, a microphone, a camera lab (as in pictures taken, shared, gps, unique data in every image to find other images you took and posted)...
As for any encryption - detailed keystroke logs, clear-text captures of passwords was offered by diagnostic options shipped in many US telco offerings.
You had the 'mic on' remote dial in, spyware in the cell phone infrastructure - when will a generation learn to put down their small versions of ENIGMA?
As for 'your device to record anything going to your mic? "
The classic case was the NSA and GCHQ - let us work in the dark and we can predict the future
Then you had federal police asking for non court help with encryption, tracking...
Then for logs, recordings
Then high profile cases... state task forces.. fusion centers... the press reports on recordings
At some point the court magic stops and that next person of interest takes the battery out.
Domestic spying is now "Benign Information Gathering"
While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls.
There are already several solutions out there for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple supports ZRTP for key exchange (or 'of course' a free, open-source ...)
However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON) and there are many papers on the topic of data-over-GSM-voice), but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.
On the SMS front, there is already TextSecure for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).
The PGP documentation files were the first hands-on documentation for encryption I read that actually got it right. They are still among the few today. Most texts either get the crypto wrong or the environment or the procedures on how to use the thing. These did not.
Of course, PGP went through some refactoring and design changes, but the basic code was sound. If he manages to achieve this with this new product, it will be the only one on the market that this can be said for. Basically all others are buggy, badly designed, insecure because of fundamental misunderstandings or easy to make user errors, etc. Of course, careful review is still required, but this product should be worth the effort.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That is another valuable experience Zimmermann brings to the table: They tried pretty hard to suppress PGP and he prevailed. I remember than in order for him to not go to jail, it was exported as printed book and then scanned in Europe. He used the stupidity of the US bureaucracy against them. Development continued outside of the US afterwards. That was the time when the US snoops wanted backdoors into any crypto.
I think is will be interesting to watch, but I expect he will make it again.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Protocols can be devised in such systems which are completely eavesdrop tolerant, such that even if eavesdropping did occur, it would be indecipherable, even if one were to try to listen to the entire communication, including the protocol setup itself, it would sound like undecipherable gibberish right from the moment that the encryption began.
Such protocols can be vulnerable to MitM attacks, but that is why they are really only reliable as encryption when the communication is not subjected to any routing.
The criteria you give are accurate for key agreement in the absence of a preexisting trust anchor, such as the classic Diffie-Hellman key exchange protocol. However, once a trust anchor is established — for example, by meeting and agreeing on a shared secret or verifying one another's public keys in person — that shared secret or known-good public key can be used for authenticating or verifying digital signatures on messages that arrive over an untrusted communication path.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
"There's already a ton of precedent for Apple to approve something like"
"ton of precedent"
and
"something like"
Really give away your lack of confidence in your own argument. Let me state something so you can see the difference.
"The application WILL be approved for sale on Android, that is inevitable as day follows night."
There, and that's why Apple will ultimately fail. Because even the fanboys don't have confidence in Apple making the decision they think is right.
No it really is. Serval is building an encrypted, *decentralised* communication platform, that can also route packets over a local mesh network. Initially including voice, text, and file transfer services. But that doesn't mean we are forever limited to only supporting communications over a local mesh, or that we will be limited to this set of secure services. Just that providing communications in an emergency, without supporting infrastructure, is our main focus. Everything must always work in isolation.
I've already experimented with a prototype internet directory service, combined with a packet relay service that could provide Serval to Serval internet calling right now. Implementing it was fairly easy. But we really need to use a Distributed Hash Table for scalability, and provide a separate STUN-like 2-way NAT traversal service to punch direct p2p paths through the internet. Then we won't need to provide much supporting infrastructure at all. Since these services would be run by the very people using the network, I'm not even sure what service we could justify charging for. Except perhaps for terminating calls to the PSTN, which is also a capability we've already built.
Basically I'm saying that with only a couple of months of dedicated effort (and funding....) we could be providing the exact same service as Silent Circle for a fraction of the cost. Though we only have an android client right now, we test our back end daemon on linux & OSX and could start building a desktop front end.
We're getting close to releasing an alpha version of 0.90. This represents a major leap forward under the hood from the current 0.08 version available on the android market. 0.08 is a collection of loosely related applications held together with string and sticky tape; BATMAN, asterisk, wifi-tether, dna & SipDroid. For 0.90 we've rebuilt the core of our solution from the ground up and thrown away the pieces that never really fit together that well in the first place. We're not ready to call it version 1.0. There's still a lot to do before we reach that point, but 0.90 is a *lot* closer to where we wanted to be.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
The company is US-based. No matter how renowned the makers of this software are, under the Patriot Act they can be forced to secretely put backdoors into their apps and never tell anyone. For this reason alone the encryption is worthless, and possibly even dangerous for companies outside the USA that have to guard trade secrets.
Radio can be point-to-point. You can't exactly intercept an airborne signal and try to relay it without building a shield large enough to fully encompass the sender. Something that they would readily be aware of.
File under 'M' for 'Manic ranting'
I didn't read TFA, let alone finish reading TFS, but what you're suggesting is that securing the message in transit between the client and server is sufficient security. What about between the client and another client (SMTP)? Or when the bits are sitting idle on Google's spindles (read: being indexed and monetised)?
The problem I have with this type of solution is that we are placing absolute trust in the vendor's promises that it won't snoop on our data. If I personally generated my CSR and kept my keys secure and in a known location then I would have a little more faith, but unless they open source this and allow me to maintain my own back-end infrastructure I would be more concerned about sending my confidential information using this solution than not - as it's effectively a choke-point for all things sinister and you can bet your last $20/month that the authorities have all they need to intercept your data. After all, and I'm assuming the service is hosted in the US, the White House has access to any keys which are transmitted to and from Silent Circle's systems.
There was another app touted as having military-grade privacy recently, the free-to-install Wickr for iOS. I contacted them after downloading the application in June to pose the question of just what level of trust they expected me to place in their application and infrastructure, to which they promptly responded that their code was under review and they would update their FAQ over the subsequent days. I've just checked and can't even see a FAQ on their website.
Radio can be point-to-point. You can't exactly intercept an airborne signal and try to relay it without building a shield large enough to fully encompass the sender. Something that they would readily be aware of.
This seems irrelevant though: provided two parties have some type of initial shared but not public knowledge, modern crypto can give you a reliably secure channel despite any number of intermediary parties.
In innocent ways as well..
"Yo yo, man, this President butter is the BOMB man, it's so beautiful, like yellow cake. Margarine is just toxic, it gives me food poisoning. Those trans-fats are a public health issue. I swear, it gives me the runs like salmonella, a real brown out in my pants. I'm in the facility, performing evacuation of my bowels until there's a spillover. Dropping a real dirty bomb, you know what I'm saying?"
(selected words from this list
>> and Ron Paul elected president before this will happen.
> FOUR MORE WEEKS, FOUR MORE WEEKS...!! :-D
Of course this was meant as a joke. ;-) :-)
We all know, that in reality Gary Johnson (L) will be elected President! And then we don't need to encrypt our phone calls anymore...at least not because of the government snoops, because Pres. Johnson has shut them all down!
You don't need any previously shared secret to exchange data on an encryted communication path.
For example.... both A and B can independently choose their own commutative key pairs (such as RSA) for a communication. The intent is for these keys to be disposable, so they do not need to be kept in any long term storage, nor does either party need to inform the other of either of its keys. The keys must be commutative in that they could be applied in any order, and one half of each pair will decrypt whatever was encrypted by the other half.
A can randomly chooses something to be the starting point of a one-time hash for an upcoming secure communication, encrypts this data with one of its keys, and sends it. Since it is encrypted by one of the keys that A picked, and nobody else without physical access to A has any way to predict what keys it would have picked, this transmission from A to B is completely undecipherable by an eavesdropper. B then further encrypts the data with own of its own keys, and sends it back to A, so the data is different, but still encrypted. A now applies its second key to the new data stream and sends that back to B. It's worth noting that although both of A's keys have been applied, which would by themselves produce unencrypted data, one of B's keys has played a role in the value it now has, and so it will still be encrypted. It's worth noting that an eavesdropper who has been recording the conversation to this point may have enough data now to *potentially* start trying to decrypt the upcoming conversation, but the challenge of doing so with key pairs like RSA is NP-hard, and if the keys selected are wide enough, it will be completely impractical to do so... and even then, it still won't be generally achievable in real time (with a notable exception made for quantum computers, but nobody has yet demonstrated a completely scalable implementation of one that could eventually be applied to wide key encryption technologies). Finally, B decrypts the data on its own end, and can see the data that A had originally encrypted. A and B can now engage in a secure conversation using the secret data string that A selected.
Of course, this is highly vulnerable to MitM attacks, but for unrouted communications such as point-to-point radio, you can't readily act as an MitM, since any communication you pick up with your own antenna will also be continuing on past you and be picked up by the intended recipient before you would be able to try to forge any data and send it on. You would have to try to block the entire signal, which isn't going to be practical for broadcast radio signals. And if you were to try to do this anyways, you would create interference in the communication, and this would be instantly detectable by the listening party.
File under 'M' for 'Manic ranting'