NSA-resistant Android App 'Burns' Sensitive Messages

← Back to Stories (view on slashdot.org)

NSA-resistant Android App 'Burns' Sensitive Messages

Posted by Unknown on Wednesday September 4, 2013 @02:46AM from the many-have-tried dept.

angry tapir writes "Phil Zimmermann's Silent Circle, which halted its secure mail service shortly after Lavabit, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys." Seems similar to pieces of the Guardian Project.

32 of 183 comments (clear)

Min score:

Reason:

Sort:

Very little utility here by wbr1 · 2013-09-04 02:52 · Score: 2, Interesting

I think this gives a false sense of security. Sure it encrypts messages on my device. And helpfully auto deletes them after the expiry has passed. However, if the person you are worried about gaining access to the messages can silently coerce the transport company (in this case your mobile provider), to release the contents of messages they have stored, of what use it?

--
Silence is a state of mime.
1. Re:Very little utility here by oodaloop · 2013-09-04 02:55 · Score: 4, Interesting
  
  The mobile provider would only have encrypted messages, and the only way to decrpypt woulf be brute force or getting the keys on your device. I'm no expert though; I just read TFA.
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
2. Re:Very little utility here by gl4ss · 2013-09-04 03:01 · Score: 2
  
  yeah it's the recipient who can copy the message.
  he can read it, he can copy it.
  this is just copying a feature from a popular teens chat program..
  
  --
  world was created 5 seconds before this post as it is.
3. Re:Very little utility here by GameboyRMH · 2013-09-04 03:11 · Score: 4, Informative
  
  Came here to say this. Without using shared secret encryption it either requires a (potentially coercible) central authority or is vulnerable to MITM attacks. And any kind of "time deletion" is only good for security on the receiver's device, not security of the message sent - the important thing to remember with computers is that if you can see it on your screen or hear it through your speakers, you can own it forever. No exceptions.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
4. Re:Very little utility here by Rockoon · 2013-09-04 03:22 · Score: 2, Insightful
  
  I think this gives a false sense of security.
  
  All senses of security are false.
  
  --
  "His name was James Damore."
5. Re:Very little utility here by LWATCDR · 2013-09-04 03:23 · Score: 2
  
  I am still trying to figure out what everybody is texting and messaging that is so private?
  I kind of work on the idea that anything that private I say face to face.
  I wonder just how much of this worry about the NSA is some form of narcissism. Frankly I am not important enough or interesting enough for the NSA to spy on me.
  
  --
  See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
6. Re:Very little utility here by RoboJ1M · 2013-09-04 03:23 · Score: 5, Interesting
  
  There's a button on my Ubuntu PC for creating private/public key pairs and uploading the public key to a ring of public key servers.
  Then, people can encrypt emails that only I can read because only I have the private key.
  I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)
  Why not just leverage that type of mechanism?
  1) Install app
  2) it creates a key pair for your phone number
  3) It uploads the public key to one of these servers
  4) Anybody who texts you using a compatible app, it looks up your private key and encrypts the message only for you.
  Job done.
  If you can't fit the encrypted message in 120chars, it uploads the encrypted data to a 3rd party and all it sends is a message ID.
  Or it uses IP only (like imessage/whatsapp)
  Or is uses email as the bulk carrier
  All those IP messaging systems must use a 3rd party anyway as you're always NAT'ed behind a real IP address anyway on a mobile connection.
  I'm always on a 10.x.x.x address.
7. Re:Very little utility here by Shompol · 2013-09-04 03:56 · Score: 2
  
  People with sensitive correspondence should worry about this, such as: political activists, lawyers, company execs, gangsters, politicians. They already utlize "face to face" to the maximum extent, but by deploying a blanket wiretap the government is giving them a dilemma: become a luddite or risk your communication compromised.
  
  Less likely, but even if you do not belong to one of the above groups then the government might be out to get you for any personal or political reason,they just need to mine your messages for anything that looks compromising to make an arrest. Or sometimes they need a poster child to show that their ter ror watch was fruitful, like the guy in Canada arrested for using word "blow" in his text message.
8. Re:Very little utility here by MightyYar · 2013-09-04 04:14 · Score: 4, Insightful
  
  It isn't useless. A careful person could remove the keys every time they finish with the application. The application is simply a way to guarantee that your communication will not be intercepted, limiting what you need to worry about to the endpoints.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
9. Re:Very little utility here by LordLimecat · 2013-09-04 04:15 · Score: 5, Insightful
  
  If only there were some sort of secure way of exchanging keys over an insecure medium...
10. Re:Very little utility here by thoromyr · 2013-09-04 04:25 · Score: 3, Insightful
  
  this got modded insightful?
  Hint, the more broad and absolute a statement is ("all" and "false") the less likely there is to be any truth to it.
  I could see it being interpreted as "funny", but it doesn't really get past the joke stage.
11. Re:Very little utility here by ceoyoyo · 2013-09-04 04:43 · Score: 2
  
  Yeah and the keys are on your device.
  
  The encryption and erasing aspects of this are useless which means the entire app is useless.
  Put two and two together. Presumably the erasing aspect is less for erasing the encrypted message than it is for erasing the private key. That way the NSA can get a copy of the encrypted message and a copy of the public key, but they can't get the private key unless they happen to nab you and apply phone books and rubber hoses before your phone erases it.
  Zimmerman is a pretty smart guy.
12. Re:Very little utility here by pla · 2013-09-04 04:44 · Score: 5, Funny
  
  If only there were some sort of secure way of exchanging keys over an insecure medium...
  
  Saaay, someone should tell Phil Zimmerman about that - I'll bet he could really put it to some good use!
13. Re:Very little utility here by vux984 · 2013-09-04 05:14 · Score: 2
  
  I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)
  3 reasons
  1) Technical - gmail needs to have your private key to decrypt messages sent to you with your public key. Or to sign messages sent by you with your private key. They absolutely cannot offer a webmail service, if they can't descrypt your mail to show it to you over the web. If gmail has your private key, its not a very private key. The NSA can just quietly ask google for the key.
  2) Business - gmail wants to mine your data. They can't do that if they can't read it. The business model of gmail is incompatible with providing a service where they can't read your data.
  3) Conveniencel - having to enter pass phrases all the time is a chore. Nobody wants to do it.
14. Re:Very little utility here by IamTheRealMike · 2013-09-04 05:23 · Score: 2
  
  Er, what? We just learned this summer that governments are sucking up EVERYTHING and storing it for god knows how long, and you think it's useless because you would need to obtain the device to read the content?
  No way! At this point any kind of crypto, even the unauthenticated kind, is a good step forward.
15. Re:Very little utility here by Bill,+Shooter+of+Bul · 2013-09-04 05:24 · Score: 4, Informative
  
  I'm not confident that the NSA hasn't already solved the discrete logarithm problem at the heart of that method.
  http://arstechnica.com/security/2013/08/crytpo-experts-issue-a-call-to-arms-to-avert-the-cryptopocalypse/
  Even if the security is perfect, I have a hard time understanding why people would need it. If you were discussing something that were merely private that you didn't want anyone to ever know you'd have to convince the other person to install the app as well. Hey Dave, I have a secret I would like to share with you, but only if you install this app... You have to be really paranoid, or have a really valuable secret to divulge. I just don't see that many legitimate uses.
  If you integrated it into android, where every text between two android users did the same thing, that would be valuable. So things would be secure and private by default.
  
  --
  Well.. maybe. Or Maybe not. But Definitely not sort of.
16. Re:Very little utility here by arth1 · 2013-09-04 05:29 · Score: 2
  
  It doesn't matter how secure the key exchange is, if the hacker has access to your keys, for instance by having a backdoor into the OS or app that uses the keys.
  Or in other words, a public key from a key pair isn't worth shat if the private key can be compromised.
17. Re:Very little utility here by vux984 · 2013-09-04 06:08 · Score: 4, Insightful
  
  1.) This is not true. You can design a mail system to store the private key on the client (html5 local storage).
  Until I have some sort of assurance that the key stored in local storage, can't be sent up to the server by javascript then this gets me no where.
  The NSA asks your mail service for the keys. The mail service says we don't have them... html5 local storage. NSA says ... add this line of javascript to your site. Next time I log in they have my key, and everyone else who accessed the site during that interval.
  And even if we build a whole new spec with a wall of protection around the key, so the javascript just sends the encrypted text in and gets the decrypted key out and never gets its hand on the keys only then will the key be safe.
  But any messages I access still are not. Because as long as I'm relying on javascript downloaded from the service to display the messages, I am vulnerable to that javascript being updated and sending that message back up to the server.
  The client cannot be provided on demand by the server to have a hope in hell of being safe. Really it needs to be 3rd party, open source, audited by more 3rd parties, and the binaries I install.. well I don't... I download the source and compile it myself after checking that the hashes match the original and the 3rd party auditors. And even then, I have to trust that the NSA didn't get to everyone and conspire to publish malicious source. So to be truly safe, I have to audit it myself.
  Real security from the likes of the NSA is HARD.
  3.) Not true. See 1. If you authenticate using a private key you only need the password to decrypt the key and no username anymore.
  True but you underestimate how little tolerance the average person has for passwords. An awful large number of people don't have login passwords to their computers and fewer still on their phones. And their mail passwords are remembered by the software so they don't have to enter them.
18. Re:Very little utility here by 0111+1110 · 2013-09-04 06:33 · Score: 3, Interesting
  
  I just don't see that many legitimate uses.
  What about illegitimate uses? Those are the only kind that domestic extremists like myself care about.
  
  If you were discussing something that were merely private that you didn't want anyone to ever know you'd have to convince the other person to install the app as well.
  This would seem to be the case for every form of private communication. Is there any way to communicate securely with someone who doesn't care about private communication?
  
  Hey Dave, I have a secret I would like to share with you, but only if you install this app...
  I had this problem with my defense attorney. I wanted to discuss some aspects of my case with him via email, which I rightfully didn't trust. So I asked him if he would be willing to install and use gpg4win or at least sign up for Hushmail, but that went over like a lead balloon. So in the end I had to wait to discuss the case with him in person.
  
  --
  Quite an experience to live in fear, isn't it? That's what it is to be a slave.
19. Re:Very little utility here by Acid-Duck · 2013-09-04 07:29 · Score: 2
  
  I just don't see that many legitimate uses.
  How about a politician traveling to a less than friendly country?
20. Re:Very little utility here by K.+S.+Kyosuke · 2013-09-04 07:53 · Score: 5, Funny
  
  Saaay, someone should tell Phil Zimmerman about that - I'll bet he could really put it to some good use!
  I can imagine that the result would be some pretty good privacy for the ordinary user.
  
  --
  Ezekiel 23:20
21. Re:Very little utility here by Bill,+Shooter+of+Bul · 2013-09-04 08:15 · Score: 2
  
  A politician isn't going to be savy enough to install the app, and have everyone he's communicating with install the app. interTubes are not their friends. It has to be secure by default.
  
  --
  Well.. maybe. Or Maybe not. But Definitely not sort of.
22. Re:Very little utility here by ceoyoyo · 2013-09-04 10:54 · Score: 2
  
  Who cares if the NSA gets the public key?
  I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it. I then encrypt my message with the public key and send it to you. NSA gets it. You then receive the message and read it. The NSA is SOL because they've got the public key, not the private one. They COULD still impersonate me though, so to avoid that we do a key exchange in the opposite direction and I sign my message with my private key, which you check using my public key. Which tells the NSA only that I sent the message (which they knew already).
  The current weakness, and the one that's exploited, is that the NSA can snatch you off the street, apply rubber hoses, and get you to give them the decyrpted message and/or your private keys. With a time-limited system both the message and the keys get wiped, hopefully before the NSA has time to get their snatch squad on site. Without your one-time use private key, the encrypted message cannot be decrypted by anyone.
  The auto-deleting is no protection if I don't trust you, but it's not meant to be. It's a convenience feature so you don't need to remember to delete the private key. Plus the app presumably takes care of generating the keys and exchanging them for each message, which would be a huge pain in the ass if you had to do it manually, which explains why nobody ever does.
23. Re:Very little utility here by bored · 2013-09-04 17:17 · Score: 2
  
  I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it.
  And generates their own public/private key pair. They then forward their public key to you instead of mine. You encrypt a message using it and the NSA gets it, decrypts it, and recrypts it using the public key I sent you, then forwards it to me.
  MITM works for public keys too if you can't trust the public key exchange. That is why before you sign a 3rd party key (outside of your trust circle), you should verify in an out of band method, that the key your are signing matches the key identity of the 3rd party. Aka, pick up the phone and ask them what the key fingerprint is.
How to crack: by Anonymous Coward · 2013-09-04 02:54 · Score: 4, Insightful

1. Send order to Google saying, "give us unrestricted read/write access to the persistent storage of all android devices. Oh, and you cannot tell anybody about it."
2. Download the contents of all devices, including the keys.
3. Install keylogger to capture any necessary passwords.
4. Profit!
1. Re:How to crack: by cool_arrow · 2013-09-04 05:13 · Score: 2
  
  If you can own the baseband you can own it all: http://vimeo.com/25806106
You still can't control recipient devices by Wrath0fb0b · 2013-09-04 02:58 · Score: 5, Insightful

The "Burn Notice" feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device.

No, it can't. The recipient could be using a tampered application that ignores the timeout directive. Or it could modify the JVM to lie to the executable about the time or refuse to fire timers. Or modify the JVM to write all the memory transactions to disk (or host) even after the application frees (or GCs) it. Or modify the screen rendering APIs to capture the rendering. Or attach with JDB over ADB and halt the executable while the plaintext is in memory and slurp it out. And, of course, there are apps in the store that will just take a video of the screen.
FWIW, I support the app and I believe the encryption-in-transit is a very worthwhile feature. But the "Burn Notice" is, from a security point of view, useless. If you trust the recipient with the plaintext, you trust the recipient with the plaintext, end of story. Anything else is DRM-esque attempts to put restrictions on a device that you do not own.
WTF, PRZ? by Cajun+Hell · 2013-09-04 03:04 · Score: 3, Interesting

TFA makes it sounds like the sender can make decisions about what the receiver's machine does. That is insane (and also impossible, or it's irresponsible to lead users to believe they'll get that). I hope I am misreading the claim.
If the receiver has that control, or if the sender gets to specify advisory info in the hopes that the receiver uses it, ok. If not, then I think one of the most respected programmers ever (PZ) has left the path of wisdom.

--
"Believe me!" -- Donald Trump
this does not decrease incarceration by nimbius · 2013-09-04 03:05 · Score: 3, Insightful

in rare cases NSA wiretaps reveal information about terrorist plots. in most cases of warrantless NSA spying however they do not. the purpose of NSA wiretaps is often used as a guilt generation and conviction assurance mechanism. Yet when it fails to produce any satisfactory outcomes, as this device would preclude it from doing so, the laws can and are frequently adjusted accordingly to suit the prosecutiorial entity. expect the installation or presence of this software to be acceptable grounds for the confiscation of your phone and further investigation of you and your property.

--
Good people go to bed earlier.
Just Stop.. by SuperCharlie · 2013-09-04 03:08 · Score: 4, Insightful

When the hardware, the software, and the transport medium are all compromised it is moronic to continue this "security" game.
Trust No One by Lawrence_Bird · 2013-09-04 03:17 · Score: 3, Insightful

It is closed source right? And even if it is not, you need to be able to build the binary from a vetted copy of the source and associated libraries.
The NSA screwed themselves and everyone else by Theovon · 2013-09-04 03:52 · Score: 4, Insightful

We need an organization whose mandate is similar to the NSA. When the FBI, for instance, lawfully obtains evidence that gives them probable cause to get a warrant to invasively follow a chain of evidence, we need this information-gathering capability.
But the NSA over-stepped their bounds, broke the law, and betrayed all Americans and their allies. As a result, people are now more motivated to produce tools to evade organizations like the NSA. Because American citizens have the right to privacy, and they now have to go out of their way to get it, criminals are now gaining more sophisticated tools they can also use to evade the NSA. Looking at the other comments, the app mentioned in particular here isn't necessarily all that effective, but give it time. Pretty soon, you'll be able to put up an impenetrable wall around your data that the NSA can't break through.
The "problem" with this is that there are only two groups who will use these tools. Innocent privacy enthusiasts and criminals. The NSA will be unable to distinguish between them, essentially making rationally paranoid people targets of criminal investigations. And the NSA will be stupid about everyone else, seeing people NOT using encryption as low-hanging fruit, criminalizing countless innocent citizens merely in an effort to show that the NSA is catching *someone*, justifying their enormous budget. (In other words, they will make up criminals to justify their existance.)
If the NSA had obeyed the law, we wouldn't be in this mess, where it is inevitable that we can no longer spy on real criminals, probable cause or not.