CyanogenMod Integrates Text Message Encryption

sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages." Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.

Key exchange

The most important part of any crypto communication system is key exchange. Looks like this protocol uses automated SMS key exchange, and implementations should store keys similar to SSH. It's trivial to MITM, but it's a high risk attack because people can simply meet in person to compare keys.

Hard to take CM privacy concerns seriously

[geminidomino]

Even before the buyout, the CM team refused patches to basically integrate pdroid into the mod, for fear of "angering developers." So even if something like this works, all the bad guys have to do is hit up the app market for the data it's sucking up anyway.

Re:Hard to take CM privacy concerns seriously

[Rennt]

That's kind of a re-invention of history. CM simply didn't integrate pdroid because it was a support nightmare waiting to happen. At the time of the pdroid discussion, Steve said that they were already working on a bunch of privacy features that would meet the usability standards they were aspiring to... and here we are.

Don't forget that this message encryption follows on from the App Privacy Mode that they have successfully deployed since then (and makes much of pdroid redundant). They are taking a measured and transparent approach to privacy. Just as a serious organisation should..

Spy vs Spy

[BringsApples]

Seriously, why are The People trying to play Spy vs Spy with their own government? The government owns the internet. It's as silly to encrypt your license plate as it is your text messages. You have no way to do so. If you're able to send a text, then you're using a carrier of some kind. That carrier has no control over the government's ability to get the data if the government wants to. Remember, it's metadata that we're talking about. "Who talked to who - and what time(s)". Linking people together is what it's all about. They don't need to know what you're talking about, so long as they know who you're talking to.

Re:Spy vs Spy

You show...good but not total understanding. In current systems this works.

In past systems this has been handled.

See mixmaster, remailers, etc.

If whisper does this right, what people know is "35 messages go into mixmaster3 at time t" and "15 messages go out of mixmaster3 to mixmasters 1..n at time t+1" and "16 go out to realworld addresses A1...Ai"

A good enough tumbler chain crushes most metadata analysis for short messages, provided you'll live with limited message loss, and a bit of latency that makes real time not highly practical.

It could work given enough volume.

Re:Spy vs Spy

[hawguy]

Seriously, why are The People trying to play Spy vs Spy with their own government? The government owns the internet. It's as silly to encrypt your license plate as it is your text messages. You have no way to do so. If you're able to send a text, then you're using a carrier of some kind. That carrier has no control over the government's ability to get the data if the government wants to.

Isn't that the whole point of this project? It allows you to encrypt your data, so unless you think the government has a secret back door into every encryption algorithm, when you encrypt your data, the government can't see it. They may still be able to see who you're talking to (a TOR-like extension might help), but they won't know what you're saying unless they compromise your phone (or happened to compromise the key exchange).

Remember, it's metadata that we're talking about. "Who talked to who - and what time(s)". Linking people together is what it's all about. They don't need to know what you're talking about, so long as they know who you're talking to.

Despite what the NSA wants you to think, it's not just "Metadata" -- any analyst who believes that a conversation is with a foreign correspondent can retrieve the entire contents of the conversation -- text, email, etc with nothing more than a slightly better than 50% belief that one party in the conversation is foreign. No warrants or other oversight required.

Do you think the government should be able to retrieve your private conversations on an analyst's "hunch"?

Re:They're already tracking us in WoW

I've seen little suggesting the NSA has been breaking much crypto at the algorithm level...most of what I've seen in the leaked materials has suggested more in the way of mitm attacks (sometimes through key forgery, as the NSA essentially has root certificate authority). The public key side of this of course still leaves that possibility entirely open if one doesn't take care to do a secure key exchange, but it's still a step in the right direction.

Other problems (not MITM but end-to-end)

[DrYak]

It's trivial to MITM, but it's a high risk attack because people can simply meet in person to compare keys.

Avoiding MITM has been successfully solved using the Socialist Milionaire problem.
At most, 2 contacts need to call (voice) each other and compare a bunch of keywords. From that point onward, their communication can be trusted.

I see another problem:
The best (and nearest-to-perfect) secure solution requires end-to-end encryption. (the absolute first and last application on the chain to the encryption / decryption. Encryption is done on the first ever software getting the message, decryption is done on the last software drawin the message on the screen)

But CyanogenMod's implementation isn't end-to-end. They instead have integrated crypto in the SMS messaging service of the OS.
The intention is noble: You're not forced to use CyanogenMod's SMS App. You could use Skype or Facebook chat app (as long as the app supports handling SMS in addition to other communication)...
The main problem is easy to spot: ... These 3rd party app could actually be spying.

Re:Other problems (not MITM but end-to-end)

[kenshin33]

except in this case the "secret" is public knowledge : public key finger print.

RTOS on the chip that controls wireless, etc.

[dsoodak]

There was an article posted on either slashdot or boingboing which linked to the following: http://events.ccc.de/congress/2011/Fahrplan/attachments/2022_11-ccc-qcombbdbg.pdf Summary: the (usually) proprietary firmware on the chip that controls real-time functions such as wireless communication (which requires so many different standards to be adhered to that it ends up being a real mess and rarely rewritten) is surprisingly easy to hack. I believe there was a quote that you could get remote code execution after sending it a string of less than 100 bytes. It also mentioned that the chip with the main OS is often a slave to the one with the RTOS. Just curious if anyone knows if CyanogenMod accounts for this particular type of security vulnerability.

Re:I personally find this very important...

[PopeRatzo]

Because I definitely would not want the .gov peeking in on me and finding out what I'm having for dinner or knowing that I love my family.

How do you feel about the private contractor that's doing the snooping knowing what you've had for dinner and that your wife has breast cancer and selling that information to companies who can now try to sell you miracle cancer cures? How comfortable are you with prospective employers knowing your child has autism and needs extra attention, which might possibly mean more absences from work?

Remember, most of the data collection and first-level analysis is not done by "the government" but by a private company that works for the government. And, that private company has corporate clients besides the government. How comfortable are you knowing that anyone who can afford to pay having access to all your personal communications?

And what happens that day you disagree with what the government is doing? How comfortable are you knowing that you're planning to go to a political demonstration? How comfortable are you with your boss or potential employer knowing?

How comfortable are you with a techie with anti-social tendencies having access with all your family's communication? Your wife's, your daughter's? Because who do you think is working for that private contractor who's working for the government?

Re:I personally find this very important...

[flyingfsck]

So you don't mind the corrupt PFY contractor at the NSA/GCHQ telling the HR manager at that place you applied for work the results of your last STD test do you?

How keys are managed

[Fnord666]

From the Open WhisperSystems Blog:

The TextSecure Protocol

TextSecure's upcoming iOS client (and Android data channel client) uses a simple trick to provide asynchronous messaging while simultaneously providing forward secrecy.

At registration time, the TextSecure client preemptively generates 100 signed key exchange messages and sends them to the server. We call these "prekeys". A client that wishes to send a secure message to a user for the first time can now:

Connect to the server and request the destination's next "prekey."
Generate its own key exchange message half.
Calculate a shared secret with the prekey it received and its own key exchange half.
Use the shared secret to encrypt the message.
Package up the prekey id, the locally generated key exchange message, and the ciphertext.
Send it all in one bundle to the destination client.

The user experience for the sender is ideal: they type a message, hit send, and an encrypted message is immediately sent.

The destination client receives all of this as a single push notification. When the user taps it, the client has everything it needs to calculate the key exchange on its end, immediately decrypt the ciphertext, and display the message.

With the initial key exchange out of the way, both parties can then continue communicating with an OTR-style protocol as usual. Since the server never hands out the same prekey twice (and the client would never accept the same prekey twice), we are able to provide forward secrecy in a fully asynchronous environment.

Use the Source, Luke!

[DrYak]

Same for CyanogenMod itself. Who says this addition hasn't been implemented by an NSA employee, backdoor and all?

Except that CyanogenMod itself is opensource.
You check the source yourself, and the source is seen by lots of other people. If there's a backdoor in there, someone is bound to see it.
Even if some NSA employee managed to use social engineering to sneak in an exploitable-bug while submitting a patch to improve otherwise the code, someone will end up noticing it. (e.g.: Both Debian and Android have had, at some point of time, a broken DSA generation which produced predictable key. Nonetheless, in both case the defect was noticed and corrected).

That's the whole point of RMS' rant about free and opensource being a necessity for security. If the source is open, you don't have to specifically trust the author of the source (who might either be a mole or clumsy and end up making bugs). You can instead trust the community (Debian, Android), or you could check it yourself (I'm able to do *some* light code reviewing for a few of my coding needs), or pay someone to do the checks for you (TrueCrypt is exactly getting this treatment, crowd funding style).

And even if you don't compile your binaries yourself and doubt about the binaries offer as downloads by the CyanogenMod team (perhaps the binary you download contain a backdoor that isn't in the source), several tools are here to help too:

- GPG-signing of binaries (so you know the binary you got was actually from CyanogenMod and not one of the relay of NSA which ended up serving you a booby-traped binary, exactly like their slashdot clone)
- Deterministic build (a way for several independant people to check that the binary you have are produced from the official source and not by some NSA mole inside CyanogenMod who is injecting a backdoor before publishing them. It's used by Tor, Bitcoin, etc. It's being implemented for TrueCrypt too)
- Differential build (each time there's a discussion about trusting the source, there's always someone coming up with this old paper of C's author about booby trapped self-replicating compiler. And completely forgot that the author himself proposed a way to detect such booby-trapped shit. Not that this was ever seen in the wild. But in theory it's evitable, with these technique).

Re:I personally find this very important...

And what happens that day you disagree with what the government is doing?

This.
People who agree with what the NSA and pals are doing believe in a fair and stable government, but what if it changes? What if suddenly your rulers become tyrants?
It's not like it's never happened before in history.
At that point, even if you can stop the data collection, it's already too late. They've already got all of your past history. Suddenly, something which may be innocuous to today's society may be a death sentence in tomorrow's.

What strikes me most is to hear many of the same people asking for Snowden's head in one breath (Government spying is OK!) and defending their right to bear arms with the other (can't trust the government, we might have to revolt!).