Forgot your password?
typodupeerror
Encryption Android Communications Privacy

NSA-resistant Android App 'Burns' Sensitive Messages 183

Posted by Unknown Lamer
from the many-have-tried dept.
angry tapir writes "Phil Zimmermann's Silent Circle, which halted its secure mail service shortly after Lavabit, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys." Seems similar to pieces of the Guardian Project.
This discussion has been archived. No new comments can be posted.

NSA-resistant Android App 'Burns' Sensitive Messages

Comments Filter:
  • by wbr1 (2538558)
    I think this gives a false sense of security. Sure it encrypts messages on my device. And helpfully auto deletes them after the expiry has passed. However, if the person you are worried about gaining access to the messages can silently coerce the transport company (in this case your mobile provider), to release the contents of messages they have stored, of what use it?
    • by oodaloop (1229816) on Wednesday September 04, 2013 @10:55AM (#44756531)
      The mobile provider would only have encrypted messages, and the only way to decrpypt woulf be brute force or getting the keys on your device. I'm no expert though; I just read TFA.
      • by gl4ss (559668)

        yeah it's the recipient who can copy the message.

        he can read it, he can copy it.

        this is just copying a feature from a popular teens chat program..

    • by GameboyRMH (1153867) <{moc.liamg} {ta} {hmryobemag}> on Wednesday September 04, 2013 @11:11AM (#44756689) Journal

      Came here to say this. Without using shared secret encryption it either requires a (potentially coercible) central authority or is vulnerable to MITM attacks. And any kind of "time deletion" is only good for security on the receiver's device, not security of the message sent - the important thing to remember with computers is that if you can see it on your screen or hear it through your speakers, you can own it forever. No exceptions.

      • by RoboJ1M (992925)

        Or public key encryption.
        Private key on your phone, public key on that key server network that's used for encrypting and authenticating emails.

        • Nope this can't work. Unless you physically control the server it could be accessed through coercion. If you send the public key to the server through the Internet using anything less than symmetric key encryption with a key that only you have, and have never sent through the Internet, that's at risk of being snooped by the NSA.

          For a while I thought high-level ECDH SSL, if self-generated, might work as NSA-proof encryption but after reading this article [wired.com] I'm not so sure.

          • You can send the public key any way you like. The entire point behind having a public key is that it is public. That's why they call it a public key. Encrypting it defeats its purpose.
            • Well you're right that I got the two sides messed up...but it doesn't solve the physical access problem.

          • by ceoyoyo (59147)

            Who cares if the NSA gets the public key?

            I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it. I then encrypt my message with the public key and send it to you. NSA gets it. You then receive the message and read it. The NSA is SOL because they've got the public key, not the private one. They COULD still impersonate me though, so to avoid that we do a key exchange in the opposite direction and I sign my message with my priv

            • by bored (40072)

              I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it.

              And generates their own public/private key pair. They then forward their public key to you instead of mine. You encrypt a message using it and the NSA gets it, decrypts it, and recrypts it using the public key I sent you, then forwards it to me.

              MITM works for public keys too if you can't trust the public key exchange. That is why before you sign a 3rd party key (outside of your

              • by RoboJ1M (992925)

                OK, so assuming the intelligence agencies have the power to secretly coerce all of those public key servers to do their bidding.
                Which they probably do.
                Is the only solution out of band?
                What about authentication?
                A way to encrypt a message in a way that the recipient know that you encrypted it.
                Which probably doesn't work because they have that guy's public keys too.
                There's got to be *some* trusted 3rd party they can leverage.
                Wait a minute.

                Why can't you just check the public key on the server is equal to your o

      • by Gilmoure (18428)

        So much for updating the decor of my secret volcano lair. I dont want my arch nemesis stealing my interior designer's plans. Guess we'll just paint the walls beige.

      • I think what you're forgetting is that the content of the message is really only useful (from a big brother standpoint) if you can definitively pin the message on someone.

        Sure, if a message appears on my phone, I can write it down and SAY it's from you, but without that transaction log, it's just your word against mine. There's no paper trail except a message you claim I sent you. A picture of the message or anything else that doesn't include that signature is meaningless.

        So the REAL question is whether or

    • Re: (Score:3, Insightful)

      by Rockoon (1252108)

      I think this gives a false sense of security.

      All senses of security are false.

      • by thoromyr (673646) on Wednesday September 04, 2013 @12:25PM (#44757545)

        this got modded insightful?

        Hint, the more broad and absolute a statement is ("all" and "false") the less likely there is to be any truth to it.

        I could see it being interpreted as "funny", but it doesn't really get past the joke stage.

        • OK. What about
          All absolute statements about security are false
          If the above is a statement about security, it is false.Hence it is true.
          • by thoromyr (673646)

            Nice try. I never made the broad and absolute statement that you seem to be implying. "the more it is..." leads to "...the less likely". But I'm guessing you knew that.

        • by ceoyoyo (59147)

          It IS funny. It's not quite as funny as saying "who says?" to an anarchist wearing a question authority t-shirt, but it's not horrible. It says something about the average Slashdotter that it's modded insightful though.

    • by LWATCDR (28044)

      I am still trying to figure out what everybody is texting and messaging that is so private?
      I kind of work on the idea that anything that private I say face to face.
      I wonder just how much of this worry about the NSA is some form of narcissism. Frankly I am not important enough or interesting enough for the NSA to spy on me.
       

      • by Shompol (1690084)
        People with sensitive correspondence should worry about this, such as: political activists, lawyers, company execs, gangsters, politicians. They already utlize "face to face" to the maximum extent, but by deploying a blanket wiretap the government is giving them a dilemma: become a luddite or risk your communication compromised.

        Less likely, but even if you do not belong to one of the above groups then the government might be out to get you for any personal or political reason,they just need to mine your m
      • Why you should worry about surveillance: http://www.harvardlawreview.org/symposium/papers2012/richards.pdf [harvardlawreview.org]
      • by ceoyoyo (59147)

        In lots of places in the world you can be arrested for saying or writing things that most of us would consider perfectly harmless, never mind saying things that are unflattering to a government that would do things like that to it's citizens. In those places unsnoopable communications are extremely valuable.

        In places that currently aren't in such a situation, the existence of secure communications are essential to keeping it that way. Assuming you're American, your constitution has an amendment that makes

    • by RoboJ1M (992925) on Wednesday September 04, 2013 @11:23AM (#44756821)

      There's a button on my Ubuntu PC for creating private/public key pairs and uploading the public key to a ring of public key servers.
      Then, people can encrypt emails that only I can read because only I have the private key.
      I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)

      Why not just leverage that type of mechanism?
      1) Install app
      2) it creates a key pair for your phone number
      3) It uploads the public key to one of these servers
      4) Anybody who texts you using a compatible app, it looks up your private key and encrypts the message only for you.

      Job done.

      If you can't fit the encrypted message in 120chars, it uploads the encrypted data to a 3rd party and all it sends is a message ID.
      Or it uses IP only (like imessage/whatsapp)
      Or is uses email as the bulk carrier
      All those IP messaging systems must use a 3rd party anyway as you're always NAT'ed behind a real IP address anyway on a mobile connection.
      I'm always on a 10.x.x.x address.

      • by sl4shd0rk (755837)

        I've always wondered why this isn't better integrated/more automatic when it comes to email systems

        The extra step needed (entering passphrase to use private key) are too cumbersome for most people. Implementing a work-around to make it "easier" negates the whole point of protecting the key in the first place.

        It can't get much easier than Enigmail in Thunderbird yet still nobody will use it. We live in the times of patheticosis.

      • by vux984 (928602)

        I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)

        3 reasons

        1) Technical - gmail needs to have your private key to decrypt messages sent to you with your public key. Or to sign messages sent by you with your private key. They absolutely cannot offer a webmail service, if they can't descrypt your mail to show it to you over the web. If gmail has your private key, its not a very private key. The NSA can just quietly ask google for the key.

        2) Business -

      • by mcrbids (148650)

        Job done.

        Except it's not even close to done. This protocol is far more secure than no security at all, but is vulnerable to a number of different attacks. If you think the solution is simple, it's because you don't really understand the scope of the problem.

        1) How do you trust that the keys posted on the public key servers? Say I wanted to send you a message, How do I know that the key posted on the key server is in fact, from you? (See Certificate Authority) If a malicious party could intercept messages to you and

        • by bored (40072)

          How do you trust that the keys posted on the public key servers? Say I wanted to send you a message, How do I know that the key posted on the key server is in fact, from you? (See Certificate Authority) If a malicious party could intercept messages to you and decrypt them (using the bogus public/private key pair) and then re-encrypt the message to you using your formerly available public key, you'd receive the message and have no knowledge of the MITM attack.

          You are, of course correct, but that is what key

      • I've always wondered why this isn't better integrated/more automatic when it comes to email systems (gmail?)

        If you encrypt your email it will prevent Google from parsing the text and shovelling targeted ads at you.

      • by ceoyoyo (59147)

        Because I can grab you and torture you until you give me your private key. Then I've got all the messages you've sent or received.

        With this system, each message gets it's own private key that's deleted after a specified time period. If that time period is short enough I won't have time to grab and torture you. Even if I do, I'll only get the most recent messages.

        This system is less convenient than a persistent key pair because you can't keep an archive of messages. On the other hand, it's much more secu

  • How to crack: (Score:4, Insightful)

    by Anonymous Coward on Wednesday September 04, 2013 @10:54AM (#44756503)

    1. Send order to Google saying, "give us unrestricted read/write access to the persistent storage of all android devices. Oh, and you cannot tell anybody about it."
    2. Download the contents of all devices, including the keys.
    3. Install keylogger to capture any necessary passwords.
    4. Profit!

    • by X0563511 (793323)

      You don't even need to do the whole device. Apps run as their own user, so all you need to do is grab files owned by that user.

      The only way around this is for an app to use 'su' to escalate it's privileges, which requires a rooted device.

      • by Jartan (219704)

        That's incorrect. On Android every app is a separate user. Only files stored in the "SD Card" area are visible to other apps. So in theory you need a root exploit to get at this data.

      • by thoromyr (673646)

        no, no, they will need the entire file system just in case there was something else they needed. Once you've read government requests (I'm not talking the secret ones, just regular investigatory) the fishing expedition methodology employed quickly becomes apparent.

    • by Lumpy (12016)

      5. hacked rom authors discover this, post the information to their forums.
      6. news picks it up.
      7. Public outrage until some teen star twat shakes her butt on stange...
      8 Rinse
      9 repeat.

    • My steps:

      1. Opt out completely by first installing Cyanogen.
    • I think this speaks to the fact that post-Snowden, the game has entered a new stage.

      Pre-Snowden the NSA or whoever would not have been willing to do such a thing, due to the very high likelyhood of detection. Yes, 99.9% of people aren't going to notice their phone doing something unexpected. But if you apply it to everyone because you want the ability to grep their communications for keywords a.k.a. selectors then you need all of it, all the time. There are over a billion Android activations now. Even 0.01%

  • by Wrath0fb0b (302444) on Wednesday September 04, 2013 @10:58AM (#44756545)

    The "Burn Notice" feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device.

    No, it can't. The recipient could be using a tampered application that ignores the timeout directive. Or it could modify the JVM to lie to the executable about the time or refuse to fire timers. Or modify the JVM to write all the memory transactions to disk (or host) even after the application frees (or GCs) it. Or modify the screen rendering APIs to capture the rendering. Or attach with JDB over ADB and halt the executable while the plaintext is in memory and slurp it out. And, of course, there are apps in the store that will just take a video of the screen.

    FWIW, I support the app and I believe the encryption-in-transit is a very worthwhile feature. But the "Burn Notice" is, from a security point of view, useless. If you trust the recipient with the plaintext, you trust the recipient with the plaintext, end of story. Anything else is DRM-esque attempts to put restrictions on a device that you do not own.

    • by X0563511 (793323)

      AFAIK an app could execute binaries that it packages. They just execute within that user's context. It doesn't have to be done via the JVM.

    • by Yvanhoe (564877)
      Exactly. I can't understand why anyone in technical circle would not scream SCAM! at this claim to be NSA resistant.
    • No, it can't. The recipient could be using a tampered application that ignores the timeout directive.

      Now is probably a bad time to point out that all phones have the ability to have their firmware rewritten and software updated silently, and this functionality is enabled by, er... turning it on. Any data stored on a mobile phone is inherently, by design, enforced by hardware mandate... insecure.

      You cannot secure a mobile phone anymore than you can build a bull pen using construction paper and string and expect it to hold an angry bull. Stop trying people. Fix the fucking hardware, then maybe all your "Ther

    • by zzsmirkzz (974536)
      If you don't trust the recipient, why would you send them encrypted messages? The point of this feature is to close the "I forgot to delete it" hole that exists and represents the "this message will self-destruct in xxx time" concept. Of course I understand you may be referring to the ISP installing or modifying the phone's software so as to get a copy of the plain-text and this is a valid, although unlikely, concern. The fix (and only fix) is to make sure the plain-text is also encrypted in some form so th
    • by cellocgw (617879)

      The "Burn Notice" feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device.

      No, it can't. The recipient could be using a tampered application that ignores the timeout directive

      Ok, the solution is obvious: don't depend on recipient software to do the deletion. Rewrite the sending app so it sends ,instead of standard IP ones and zeroes, nanobot-bits which are preprogrammed to self-destruct after a set period of time. Being nanobot-bits, they can't be copied either, due to the Sokal Lemma modification to the Post-Hermaneutic Uncertainty Principle.

    • by ceoyoyo (59147)

      The point is not to force the recipient to delete messages, it's to delete messages for the recipient. It's a convenience feature. You and I could send each other e-mail, exchanging one-time use public keys each time and dutifully deleting both the plain text and private keys as soon as we'd read the messages. OR, we could use this app, that does all that work for us.

      Yes, if the person you're sending messages to is compromised you're screwed. But if he's merely imperfect, a timed auto-destruct prevents

  • You might try overwriting the data, but that makes the assumption that a write is to the same place as the data was a second ago. Ext3 does not guarantee that and SD cards avoid it to ensure wear levelling. It is harder than you think.

  • WTF, PRZ? (Score:4, Interesting)

    by Cajun Hell (725246) on Wednesday September 04, 2013 @11:04AM (#44756609) Homepage Journal

    TFA makes it sounds like the sender can make decisions about what the receiver's machine does. That is insane (and also impossible, or it's irresponsible to lead users to believe they'll get that). I hope I am misreading the claim.

    If the receiver has that control, or if the sender gets to specify advisory info in the hopes that the receiver uses it, ok. If not, then I think one of the most respected programmers ever (PZ) has left the path of wisdom.

    • by will_die (586523)

      No, you the receiver can make the decisions.

      Software like this is old, even Microsoft sell software with similar options.

      Instead of using the normal mail you have to you their software. Since the email only unencrypts in that software it can control how long it is kept, if you can forward it, if you can save it, etc. So unless you do screen captures if the sender only wants you to be able read it once that is all the software is going to allow you to do.

    • Also, what about the weakness that an update of the app (forced on them by NSA/etc) may send your private keys upstream. Like Mega they claim it is hands-off, but in reality there is a mechanism through which they could obtain the private key if pressured/blackmailed/waterboarded/whatever.

    • by Khashishi (775369)

      It's possible that Silent Circle has been compromised by the NSA.

  • by nimbius (983462) on Wednesday September 04, 2013 @11:05AM (#44756623) Homepage
    in rare cases NSA wiretaps reveal information about terrorist plots. in most cases of warrantless NSA spying however they do not. the purpose of NSA wiretaps is often used as a guilt generation and conviction assurance mechanism. Yet when it fails to produce any satisfactory outcomes, as this device would preclude it from doing so, the laws can and are frequently adjusted accordingly to suit the prosecutiorial entity. expect the installation or presence of this software to be acceptable grounds for the confiscation of your phone and further investigation of you and your property.
    • by houghi (78078)

      And even if they are unable to understand what you send (John has a large beard. I repeat: John has a large beard) they will be interested to see that there is a connection between you two.

  • Just Stop.. (Score:5, Insightful)

    by SuperCharlie (1068072) on Wednesday September 04, 2013 @11:08AM (#44756655)
    When the hardware, the software, and the transport medium are all compromised it is moronic to continue this "security" game.
    • The only way to win is not to play.

    • When the hardware, the software, and the transport medium are all compromised it is moronic to continue this "security" game.

      Or encode your messages OUTSIDE of the technology. At one time codes and cyphers were used for secret correspondences before creation (writing on paper) and transmission (hand carried by courier), but of course that takes effort at both ends.

  • Sadly, I'm forced to wonder how long before it will be illegal to do anything which would prevent the NSA from spying on you.

    Because, after all, if you have nothing to hide you have nothing to fear.

  • Trust No One (Score:4, Insightful)

    by Lawrence_Bird (67278) on Wednesday September 04, 2013 @11:17AM (#44756767) Homepage

    It is closed source right? And even if it is not, you need to be able to build the binary from a vetted copy of the source and associated libraries.

  • What people seem to fail to recognize about encryption is that it's not some kind of magic that makes the data perfectly "secure" forever. All it does is vastly increase the work factor for an attacker to read the data, because he first has to reconstruct the key.

    Moore's law, GPU programming, and elastic clusters are radically lowering the costs of brute force attacks. An organization with the nigh-unlimited resources of the NSA is going to be able to crack your file a lot faster than J. Random Hacker. I i

    • by ceoyoyo (59147)

      That fact that we've adhered so closely to Moore's law makes encryption more secure. Someone in the early 80's, at the invention of RSA, could have accurately predicted how much it would cost today to break a message encrypted with a given key size. You could have picked your key size accordingly, including one that would make your message essentially impossible to decrypt at any time in your lifetime (or the lifetime of the Earth) using all the theoretical computing resources of the solar system.

      In fact,

  • by Theovon (109752) on Wednesday September 04, 2013 @11:52AM (#44757117)

    We need an organization whose mandate is similar to the NSA. When the FBI, for instance, lawfully obtains evidence that gives them probable cause to get a warrant to invasively follow a chain of evidence, we need this information-gathering capability.

    But the NSA over-stepped their bounds, broke the law, and betrayed all Americans and their allies. As a result, people are now more motivated to produce tools to evade organizations like the NSA. Because American citizens have the right to privacy, and they now have to go out of their way to get it, criminals are now gaining more sophisticated tools they can also use to evade the NSA. Looking at the other comments, the app mentioned in particular here isn't necessarily all that effective, but give it time. Pretty soon, you'll be able to put up an impenetrable wall around your data that the NSA can't break through.

    The "problem" with this is that there are only two groups who will use these tools. Innocent privacy enthusiasts and criminals. The NSA will be unable to distinguish between them, essentially making rationally paranoid people targets of criminal investigations. And the NSA will be stupid about everyone else, seeing people NOT using encryption as low-hanging fruit, criminalizing countless innocent citizens merely in an effort to show that the NSA is catching *someone*, justifying their enormous budget. (In other words, they will make up criminals to justify their existance.)

    If the NSA had obeyed the law, we wouldn't be in this mess, where it is inevitable that we can no longer spy on real criminals, probable cause or not.

    • by 0111 1110 (518466)

      We need an organization whose mandate is similar to the NSA.

      For a second there I thought you were going to propose an anti-NSA organization: a government agency whose mandate and sole purpose is to protect Americans from NSA spying.

      The "problem" with this is that there are only two groups who will use these tools. Innocent privacy enthusiasts and criminals. The NSA will be unable to distinguish between them

      Are you implying that they can distinguish between them now? I don't think they particularly care. They are just building a database they can search, a private NSA Google.

      • by Theovon (109752)

        We need an organization whose mandate is similar to the NSA.

        For a second there I thought you were going to propose an anti-NSA organization: a government agency whose mandate and sole purpose is to protect Americans from NSA spying.

        I feel dumb for not having thought of this. Mind you, protecting us from violations of our rights in general should be the job of the executive branch. The law is that we're not to be spied on without a clear chain of evidence constituting probable cause. The executive branch is supposed to enforce the law. Too bad they don't.

        The "problem" with this is that there are only two groups who will use these tools. Innocent privacy enthusiasts and criminals. The NSA will be unable to distinguish between them

        Are you implying that they can distinguish between them now? I don't think they particularly care. They are just building a database they can search, a private NSA Google.

        True. And as someone who knows just enough about information retrieval to be dangerous, I can assure you that what they get out will be almost entirely garbage. Look up "precisio

  • Then use a 1 time pad book and hand encrypt and decrypt your text messages. The NSA will never EVER decrypt your communications. Why has nobody made that simple app? a 1 time pad file that you pre-share out of band and then have it send and receive your text messages. Under Android this would be trivial.

  • Not that I'm a fan of that, but there are far worse regimes. The NSA, GCHQ etc. should each host secure email systems that of course they can read, but Bashar al Assad, Hosni Mubarak, Robert Mugabe etc. (in fact anyone other than the country that runs it) should be denied access, even if they are an ally. That way a dissident could pick a secure email service from a country they trust. It's not an option you have to use, but it would be an interesting option to have.
  • There are several complicated, high-tech computer forensics applications [google.com] which can circumvent any type of message burning or self-destructing images. If you think that you can send a message to someone and prevent them or someone spying on them directly from keeping a copy, then you're doing it wrong.
    • by ceoyoyo (59147)

      Hight-tech computer forensics applications can't retrieve a copy of a message that was deleted long ago, along with it's decryption key. That's the point.

Simplicity does not precede complexity, but follows it.

Working...