Slashdot Mirror
CyanogenMod Integrates Text Message Encryption
sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages."
Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.
The most important part of any crypto communication system is key exchange. Looks like this protocol uses automated SMS key exchange, and implementations should store keys similar to SSH. It's trivial to MITM, but it's a high risk attack because people can simply meet in person to compare keys.
So you won't mind me installing cameras in your house and tapping all your phones then?
Even before the buyout, the CM team refused patches to basically integrate pdroid into the mod, for fear of "angering developers." So even if something like this works, all the bad guys have to do is hit up the app market for the data it's sucking up anyway.
Seriously, why are The People trying to play Spy vs Spy with their own government? The government owns the internet. It's as silly to encrypt your license plate as it is your text messages. You have no way to do so. If you're able to send a text, then you're using a carrier of some kind. That carrier has no control over the government's ability to get the data if the government wants to. Remember, it's metadata that we're talking about. "Who talked to who - and what time(s)". Linking people together is what it's all about. They don't need to know what you're talking about, so long as they know who you're talking to.
Politics; n. : A religion whereby man is god.
This is so increadibly awesome. The biggest impediment to encrypted communications has always been that it's not enabled by default, and requires active particpation by the user (see: SSL being so much more common than PGP or disk encryption). I've been using TextSecure for years now (before WhipsperSystems was bought by Twitter), but it's been of limited use since I couldn't convince all my friends to use it. Now that everyone on CM will have it by default, things just got a little more awesome.
Because I definitely do not want the .gov overstepping their boundaries and ignoring my right to personal privacy. They have no reason to peek in and look at my personal life when I've done nothing wrong.
It is bad that a major event like Snowden's disclosure was needed to spur more encryption. The principles of safety and privacy do not require an accident before hand to be recognized.
Awesome. And as a side benefit, we'll be making it like totally impossible for them to figure out our social media screen names, since there's no way they could legally or even practically collect and analyze umpteen exabytes of meta-data!!!11
p.s. Hcqngr #42. V'z nobhg gb tb gnxr n cbbc. V'yy yrg lbh xabj ubj vg pbzrf bhg.
Ideally they wouldn't be able to decrypt any texts, including the countless "what's for dinner" and "I love you grandma", etc. Safety in numbers.
I don't see the point, since the encryption methods are probably also hacked, and we probably has OS libraries with whisper routines that just invoke built into our devices.
All the backdoors are wide open, and the front doors too. We live in Stasi Germany.
-- Tigger warning: This post may contain tiggers! --
When only some data is encrypted, then the "bad guys" (whoever you might consider those to be) know what to go after.
It's trivial to MITM, but it's a high risk attack because people can simply meet in person to compare keys.
Avoiding MITM has been successfully solved using the Socialist Milionaire problem.
At most, 2 contacts need to call (voice) each other and compare a bunch of keywords. From that point onward, their communication can be trusted.
I see another problem:
The best (and nearest-to-perfect) secure solution requires end-to-end encryption. (the absolute first and last application on the chain to the encryption / decryption. Encryption is done on the first ever software getting the message, decryption is done on the last software drawin the message on the screen)
But CyanogenMod's implementation isn't end-to-end. They instead have integrated crypto in the SMS messaging service of the OS. ... These 3rd party app could actually be spying.
The intention is noble: You're not forced to use CyanogenMod's SMS App. You could use Skype or Facebook chat app (as long as the app supports handling SMS in addition to other communication)...
The main problem is easy to spot:
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
aFskf8as sdfjsdf a8Pg7d !!
How is there any difference? Privacy is privacy. You're the only mental defective that I see around here.
While anything to prevent any intrusion into peoples private conversations is laudable, it's just treating a symptom of the greater problem. Just my opinion, but I would also like to see efforts made so governments and any other authorities don't spy on their people as well as these kinds of efforts which make it so they can't spy on their people.
I looked at this, and there are 2 things I can't understand:
1. How does key distribution work? Even public-key crypto of this type doesn't necessarily work if there is a man in the middle.
2. How is metadata protected? For an SMS, often the timestamp and sender/recipient pairing is as revealing as the message content.
There was an article posted on either slashdot or boingboing which linked to the following: http://events.ccc.de/congress/2011/Fahrplan/attachments/2022_11-ccc-qcombbdbg.pdf Summary: the (usually) proprietary firmware on the chip that controls real-time functions such as wireless communication (which requires so many different standards to be adhered to that it ends up being a real mess and rarely rewritten) is surprisingly easy to hack. I believe there was a quote that you could get remote code execution after sending it a string of less than 100 bytes. It also mentioned that the chip with the main OS is often a slave to the one with the RTOS. Just curious if anyone knows if CyanogenMod accounts for this particular type of security vulnerability.
Text messages are useful because they're banal. "I'll be late" "pick up milk" "what section are you sitting in?" "when do we need to leave?" If you're committing any relevant content to SMS you have different problems that security isn't solving.
I want to delete my account but Slashdot doesn't allow it.
How do you feel about the private contractor that's doing the snooping knowing what you've had for dinner and that your wife has breast cancer and selling that information to companies who can now try to sell you miracle cancer cures? How comfortable are you with prospective employers knowing your child has autism and needs extra attention, which might possibly mean more absences from work?
Remember, most of the data collection and first-level analysis is not done by "the government" but by a private company that works for the government. And, that private company has corporate clients besides the government. How comfortable are you knowing that anyone who can afford to pay having access to all your personal communications?
And what happens that day you disagree with what the government is doing? How comfortable are you knowing that you're planning to go to a political demonstration? How comfortable are you with your boss or potential employer knowing?
How comfortable are you with a techie with anti-social tendencies having access with all your family's communication? Your wife's, your daughter's? Because who do you think is working for that private contractor who's working for the government?
You are welcome on my lawn.
Because I definitely do not want the .gov overstepping their boundaries and ignoring my right to personal privacy. They have no reason to peek in and look at my personal life when I've done nothing wrong.
The problem is needing to protect oneself from un-Constitutional violations of the BoR by an obviously power-mad ruling elite in the first place.
With the immense resources of the US government available and few if any restrictions to methods, if the TLAs want in, they'll get in.
Until the size & power of government and the bureaucracy are massively rolled back and accountability plus term limits enacted and enforced, it's a losing game. They'll get to whomever they need to get to to make sure their abilities to un-Constitutionally spy and gather/analyze masses of data on anyone and everyone without consequence are retained. They already have enough data to blackmail just about anyone in or with power and lots more. Congress won't and can't fix this because of this reason.
We are forced to play by *their* arbitrary, constantly shifting, often counter-intuitive, sometimes retroactive laws, acts, and regulations which they are not constrained by because "national security" "that's classified" "redacted" and "fuck you".
I'm watching this move for a Convention of States (Article V).
http://conventionofstates.com/
It's not without it's risks, but something has to rein in this "Imperial Federal Government" and it's myriads of agencies, departments, "czars", the corruption, the blatant, damaging, and heinous violations of basic civil rights, militarized police terrorizing the citizenry, the crushing spending/debt, etc etc etc, or else living in the US will really begin to resemble living in the old USSR under Stalin.
Maybe that old meme that the US will eventually become socialist/communist/fascist/authoritarian and Russia/China become the new havens of capitalism and individual freedom has some validity.
Ah, the sweet, sweet irony if in 20-30 years, Russian (or Chinese) travelers are smuggling blue-jeans into the US.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
So you don't mind the corrupt PFY contractor at the NSA/GCHQ telling the HR manager at that place you applied for work the results of your last STD test do you?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I recently uninstalled TextSecure because I couldn't send or receive MMS messages with it. It is supposed to work, but there is always an error when trying to view a picture someone sends me.
The Importance of Metadata:
It is not Who you know, or What you know, or even What you know about Who you know.
It is Where is Who, that provides the targeting for the missile.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
The TextSecure Protocol
TextSecure's upcoming iOS client (and Android data channel client) uses a simple trick to provide asynchronous messaging while simultaneously providing forward secrecy.
At registration time, the TextSecure client preemptively generates 100 signed key exchange messages and sends them to the server. We call these "prekeys". A client that wishes to send a secure message to a user for the first time can now:
Connect to the server and request the destination's next "prekey."
Generate its own key exchange message half.
Calculate a shared secret with the prekey it received and its own key exchange half.
Use the shared secret to encrypt the message.
Package up the prekey id, the locally generated key exchange message, and the ciphertext.
Send it all in one bundle to the destination client.
The user experience for the sender is ideal: they type a message, hit send, and an encrypted message is immediately sent.
The destination client receives all of this as a single push notification. When the user taps it, the client has everything it needs to calculate the key exchange on its end, immediately decrypt the ciphertext, and display the message.
With the initial key exchange out of the way, both parties can then continue communicating with an OTR-style protocol as usual. Since the server never hands out the same prekey twice (and the client would never accept the same prekey twice), we are able to provide forward secrecy in a fully asynchronous environment.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Are you actually just a complete mental defective that doesn't see a difference between the information gained from SMS and from installing cameras in somebody's house? Are you *really* ignorant of that gross extrapolation to argumentum ad absurdum or are you just acting retarded?
Then of course there's the halfwit that modded this stupidity up.
It's like the old joke...
Would you sleep with me for $10,000,000? ... Sure! ... Hell no, what kind of girl do you think I am?
Would you sleep with me for $10?
We've already established that, we're just haggling over the price now.
If you're willing to invade someone's privacy, you're willing to invade someone's privacy.
Once we establish that fact, we're haggling over matters of degree, not matters of kind.
So now your 20 character "just on the way home" text message blows out to a couple of thousand bytes, and your telco provider has to send your SMS as 10 SMS now, and charges your accordingly.
Same for CyanogenMod itself. Who says this addition hasn't been implemented by an NSA employee, backdoor and all?
Except that CyanogenMod itself is opensource.
You check the source yourself, and the source is seen by lots of other people. If there's a backdoor in there, someone is bound to see it.
Even if some NSA employee managed to use social engineering to sneak in an exploitable-bug while submitting a patch to improve otherwise the code, someone will end up noticing it. (e.g.: Both Debian and Android have had, at some point of time, a broken DSA generation which produced predictable key. Nonetheless, in both case the defect was noticed and corrected).
That's the whole point of RMS' rant about free and opensource being a necessity for security. If the source is open, you don't have to specifically trust the author of the source (who might either be a mole or clumsy and end up making bugs). You can instead trust the community (Debian, Android), or you could check it yourself (I'm able to do *some* light code reviewing for a few of my coding needs), or pay someone to do the checks for you (TrueCrypt is exactly getting this treatment, crowd funding style).
And even if you don't compile your binaries yourself and doubt about the binaries offer as downloads by the CyanogenMod team (perhaps the binary you download contain a backdoor that isn't in the source), several tools are here to help too:
- GPG-signing of binaries (so you know the binary you got was actually from CyanogenMod and not one of the relay of NSA which ended up serving you a booby-traped binary, exactly like their slashdot clone)
- Deterministic build (a way for several independant people to check that the binary you have are produced from the official source and not by some NSA mole inside CyanogenMod who is injecting a backdoor before publishing them. It's used by Tor, Bitcoin, etc. It's being implemented for TrueCrypt too)
- Differential build (each time there's a discussion about trusting the source, there's always someone coming up with this old paper of C's author about booby trapped self-replicating compiler. And completely forgot that the author himself proposed a way to detect such booby-trapped shit. Not that this was ever seen in the wild. But in theory it's evitable, with these technique).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
the cryptographic encryption, brought to you by the department of redundancy department.
Encrypting your stuff is all good and nice, but you should use a piece of software that has been written using established secure coding standards. Just because it's open source doesn't mean it's also secure (cf. PHP, OpenSSL). Rather, being open source is a necessary, but not a sufficient criterion in the evaluation of security-critical applications.
Given the track record of this particular application, I'm a bit skeptical whether one should really use it for anything serious.
OS Reviews: Free and Open Source Software
And what happens that day you disagree with what the government is doing?
This.
People who agree with what the NSA and pals are doing believe in a fair and stable government, but what if it changes? What if suddenly your rulers become tyrants?
It's not like it's never happened before in history.
At that point, even if you can stop the data collection, it's already too late. They've already got all of your past history. Suddenly, something which may be innocuous to today's society may be a death sentence in tomorrow's.
What strikes me most is to hear many of the same people asking for Snowden's head in one breath (Government spying is OK!) and defending their right to bear arms with the other (can't trust the government, we might have to revolt!).
Victims of paedophiles throughout history = x
Victims of governments drunk on power throughout history = y
I'm no historian, nor am I a mathematician...
CM11 nightlies starting with cm-11-20131210-NIGHTLY also include WhisperPush according to the changelog. I'm still on 20131208 on Nexus S so I can't check how it actually behaves.
As such I wouldn't hold much faith that just because Cyanogenmod is open that suddenly it's more secure than a proprietary product. It might be and open source is good for a raft of reasons, but I suspect anyone who wanted to throw an exploit could still bury it in plain sight if they wished.
No, indeed. Being opensource doesn't make CyanogenMod automagically secure. GPL and BSD license, aren't magic pixie dust, per se.
BUT being opensource at least make it 100% possible to audit CyanogenMod (unlike say, iOS. Even if you wanted you couldn't audit that one, because its source code is a well guarded secret by Apple).
If you're not content with approach of "let's wait. if there's something evil inside, someone is bound to discover it eventually, some day", YOU CAN DO something about it.
1. Either have a look at the code (if you have the necessary skills yourself).
2. Or you could pay someone to do it. Truecrypt is a nice example that this is possible to do. In fact you could have a good chance of success for crowd funding project for code review of CyanogenMod. This mode is quite popular among people who are more sensitive to control/security/privacy issue. If they are ready to jump through hoops to be sure that their phone runs the OS of their choosing, an OS that they can control and that they could trust, I'm sure some would be ready to set a few bucks aside and pay for crowd-funded project to check and guarantee the source code of CyanogenMod. Specially these days when people are specially made aware of privacy/security problem by the whole Snowden debacle.
Given that CyanogenMod is a critical piece of software (its an OS which lots of people use to run on their phones, and its a derivative of Android, which is the dominant Phone OS. And lots of people want to trust their phone), starting such a crowd-funded audit DOES terribly make sense.
I'm not interested enough to help start the project it self (I don't use Android/CyanogenMod, and I don't trust my phone anyway).
But I would probably give money to such a project.
---
As a side note: LOL @ our handles being only a few letters appart ( DrYak vs. DrXym, in a HAL / IBM style of letter shift)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The inability to lock down systems for security (must publish all encryption keys). The inability to keep patents. The implicit right of audit of software. Scaaary! Any chance of a GPLv2 fork?
There .. that's more accurate....
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
funny that the same people who think the gov wants to know their shopping lists have absolutely no problem with firing gays from their jobs because they might be having buttsex at home. But at least the employers don'tinvade privacy, they simply assume without any evidence at all, and that's perfectly fine with that crowd
conventionofstates.com leads to Citizens for Self-Governance (http://selfgovern.com/) which points to the leadership page (http://selfgovern.com/about/) which lists a bunch of Tea Party Patriots founding members as their current leadership.
Aren't we still pissed at these guys for being Koch shills?
The problem is that our current bureaucracy is such that it inherently protects the ruling elected class from accusations of tyranny, while providing the services needed to be a tyranny. This is why the players change from Republican Tyrants to Democrat Tyrants, giving the illusion accountability. There is no accountability. The whole IRS, Benghazi, ObamaCare, Patriot Act etc etc etc going back to Nixon proves this. Nixon was held accountable, because he went beyond the Bureaucracy's protection.
The only fix I can see is that we need to get rid of the career Bureaucrats, which is, of course, impossible. We're screwed.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
We are already ruled by tyrants, they are the Bureaucracy. Try to fire them and see how tyranny works.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Combined with the above, these two assumptions (risk of exposure, looking for compromises) is sufficient to take the approach that the code is not likely compromised on purpose. This is not to say, that there are no risks, just that they aren't likely to be intentional.
Either that, or the backdoors are much more sophisticated and designed to look like genuine errors once discovered.
Probably would look much more like something out of the "Underhanded C Code Contest" than an explicit "If (NSA_flags == ture) then send_to(NSA, data);"
In theory, someone with half a clue would notice that putting backdoors has 2 very strong disadvantages:
- a bug exploitable by your guys is a bug exploitable by Russian/Chinese/etc. a hidden backdoor in software used by US civilians also makes them at risk of being vulnerable to the enemy
- once starting to get discovered, it will ruin the market: US products will get considered as NOT trust-worthy, and foreign customers are going to avoid them. Lowering the secuirty of US software is a commercial suicide (as already witnessed back in the "56bits max" era in DES encryption), and should be avoided at all cost.
In practice, I doubt that such consideration would ever stop the NSA doing its work. It might be also likely that they booby trop the shit out of every single domestic commercial software while knowning 100% sure that foreign agencies too are abusing the backdoors that the NSA put there for themselves.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Perhaps knowledge that cancer runs in your family is enough for an employer or insurance company to balk.
How is there any difference? Privacy is privacy.
Yeah totally, it's like exactly the same, just like theft is theft so lucky they arrested that guy for stealing 5c of electricity because that's the same as stealing millions of dollars from a bank!
Once we establish that fact, we're haggling over matters of degree, not matters of kind.
Yes I know, that is exactly what I said. Did you not understand that from my original post? I thought I made that pretty clear :-
see a difference between the information gained from SMS and from installing cameras in somebody's house
by Anonymous Coward on Monday December 09, 2013 @09:48PM (#45646921)
So again the question is:- do you not see a difference in the degree of privacy invasion between reading somebody's SMS and installing cameras in somebody's home?
Aren't we still pissed at these guys for being Koch shills?
Yeah!
We much prefer George Soros shills to Koch shills.
We supposedly have freedom through democracy. But if we ever choose to exercise that freedom by not picking democracy, we're denied. The political system in place is not free in that sense. It's only free up to the point that people are comfortable with at the moment. And currently, people are uncomfortable giving others the freedom to choose how they're governed, or not governed.
"'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie, as wisdom and warning. The first time any man's freedom is trodden on, we're all damaged." - From the TNG episode 'The Drumhead'
How very odd.
I replied to this comment yesterday pointing out that conventionofstates.com is run by Citizen for Self-Governance (http://selfgovern.com/about/), which is founded by Tea Party Patriots members, questioning the logic of advocating a movement which is backed by the same Koch shills (repeating exact phrases here because of the scientific method) who are arguably responsible for a large portion of the problems they're trying to "solve."
That comment was apparently deleted, because I'm browsing in "show everything" mode and not seeing it. 'sup widdat, /.?
backed by the same Koch shills
Maybe /. doesn't like OFA/Soros shills like yourself?`
Just sayin'...