Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy

NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service (zdnet.com) 73

The US National Security Agency (NSA) published last week a security assessment of today's most popular video conferencing, text chatting, and collaboration tools. From a report: The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments. The NSA document is not only meant for US government and military entities but the private sector as well. The idea behind the NSA's initiative is to give military, public, and private organizations an overview of all of a tools' features, so IT staff don't make wrong decisions, expecting that a tool provides certain features that are not actually living up to the reality. Per the NSA's document, the assessed criteria answers to basic questions like:

Does the service implement end-to-end (E2E) encryption?
Does the E2E encryption use strong, well-known, testable encryption standards?
Is multi-factor authentication (MFA) available?
Can users see and control who connects to collaboration sessions?
Does the tool's vendor share data with third parties or affiliates?
Do users have the ability to securely delete data from the service and its repositories as needed (both on client and server-side)?
Is the tool's source code public (e.g. open source)?
Is the service FedRAMP approved for official US government use?

This discussion has been archived. No new comments can be posted.

NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service

Comments Filter:
  • of precisely which software NOT to use.
    • Re:This is a guide (Score:5, Insightful)

      by Opportunist ( 166417 ) on Thursday April 30, 2020 @05:27PM (#60009072)

      Why? Just 'cause the NSA says something doesn't make it "evil" by definition. The recommendations looks sensible so far.

      • Re:This is a guide (Score:4, Interesting)

        by OneHundredAndTen ( 1523865 ) on Thursday April 30, 2020 @05:46PM (#60009118)

        Why? Just 'cause the NSA says something doesn't make it "evil" by definition. The recommendations looks sensible so far.

        Have you considered the possibility that the NSA's recommendations are based on what it is that they can easily crack? Maybe the recommend applications ABC and XYZ because they are aware of vulnerabilities in those applications that they can exploit.

        • Re:This is a guide (Score:5, Insightful)

          by 93 Escort Wagon ( 326346 ) on Thursday April 30, 2020 @06:02PM (#60009162)

          The NSA has kind of a Jeckyl-and-Hyde personality thing going on because they're tasked with two completely incompatible roles - protecting the communications of the American public while at the same time being tasked with the interception and decryption of secure traffic for defense purposes.

          Honestly, they should probably be split up into two separate agencies.

          • Wow. Thatâ(TM)s it. Absolutely nothing describes the NSA better than this. Mod this to 6 please.
          • by AmiMoJo ( 196126 )

            Or just shut down the domestic spying bit because secure communication that the government can't access is fundamental to democracy.

          • by WallyL ( 4154209 )
            I propose "NSA Red Team" or NRT, (https://en.wikipedia.org/wiki/Red_team) and "NSA Blue Team" or NBT, and the millenials who are actually willing to work there should publish videos similar to Red vs Blue (https://en.wikipedia.org/wiki/Red_vs._Blue)
          • by rriven ( 737681 )

            The fact that there is SUITE-A (FIREFLY, JOSEKI) Encryption algorithms for Military use and SUITE-B (AES, SHA,ECDSA) for Commercial use speaks volumes about how secure the NSA sees SUITE-B

        • And you think that would sit well with US corporations if their trade secrets can easily be cracked by foreign secret services?

          Remember, there is no such thing as a government-only backdoor. If you can crack it, so can the others.

          • by Kjella ( 173770 )

            Remember, there is no such thing as a government-only backdoor. If you can crack it, so can the others.

            Actually you can construct algorithms that have a backdoor key if you know some secret about its construction. They think NSA put a backdoor in Dual_EC_DRBG, but nobody else knows the key to it. But of course, should anyone get hold of that key then the cat is out of the bag.

        • by gtall ( 79522 )

          Tell you what, violate all those recommendations in your decisions on what to use. Get back to us real soon on how that works out for you. We cannot wait.

        • Assuming:

          * The NSA's list is primarily based on what they believe China, the EU, and Russia can't crack (with a tie-breaker of things the NSA can), and

          * China's list is primarily based on what they believe the US, the EU and Russia can't crack (with a tie-breaker of things China can), and

          * Russia's list is primarily based on what they believe China, the EU, and the US can't crack (with a tie-breaker of things Russia can), and

          * The EU's list is primarily based on what they believe the US, China and Russia ca

          • Minor problem with your analysis is that the EU consists of some 26 distinct governments with a variety of mutual alliances and antagonisms to influence this sort of assessment. So ... if you get a security recommendation from an EU level body (rather than a low-level body, such as a sovereign nation's security services), then either you'll get a complete tongue-tied mess, or something that doesn't have any under-the-counter influences. How, for example, could the German state code-breakers clandestinely in
        • hm , it would sound a lot better if the NSA , KGB , Mossad and german stasi all together agreed on the list lol . I'm prone to postal carrier pigeons myself for the time being
      • Well, ok then, almost, but not quite, entirely unlike not by definition.

        Seriously, if you trust anything by the NSA, you're as nuts as a North Korean or Chinese state lover.

      • "Local burglar reviews security systems"

        • Well, yeah. It's actually amazing how many people I get to meet again at security conferences that I know from a former life when games were expensive, I was poor and being able to make games playable by a wider range of audience was a skill that could get some free games to you...

  • by jonwil ( 467024 ) on Thursday April 30, 2020 @04:50PM (#60008948)

    Is it backdoored so we here at the NSA can read everything?

    • Precisely what I thought when reading it.
    • Is it backdoored so we here at the NSA can read everything?

      Dear sir,

      What other order did you think the list was presented in?

    • From TFA: The primary audience for this guidance are U.S. Government employees and military service members engaging in telework, especially telework employing personally owned devices such as smartphones and home computers.

      Most of the comments here don't make sense in this context. Also, as someone stated, it doesn't recommend *any*. It recommends what to look for in such services, and shows parameters for certain ones.

      It's worth noting that being open source software is a criterion that it lists as a po

    • Your hardware is factory p0wned.

  • I was thinking about how they would promote US-backdoored stuf, but the criteria sound pretty ok. So I take a look at what is put in the table they filled in and there there is stuff such as whatapp is sharing minimal data with third parties or affiliates ... like really ? A facebook owned product ?
    • by vux984 ( 928602 )

      As much as I dislike facebook, what's app wasn't developed by them, and by all accounts quite securely built. I believe the NSA assessment of it here and now.

      I still won't use it because its facebook. And I don't trust facebook to keep it secure, and they're actively looking to turn it into adware...

      https://www.gizmochina.com/202... [gizmochina.com]

      It was nice to see signal on the list. I'd have liked to see the NSA's report on discord & telegram too.

      • AFAIK WhatsApp's develeopment is only secret because it started out as a superficially modified rip-off of an existing open source XMPP client, and the EFF would have sued their asses off if they had found out.
        Analogous to how their encryption at first was trivially decryptable and only served to make what was otherwise bog-standard XMPP incompatible to other clients, to force lock-in and prevent federation with other XMPP networks (similar to how e-mail works).

      • by AmiMoJo ( 196126 )

        I wish WhatsApp supported secure backups. It has a backup feature but the stored data is not encrypted. It's mainly there so you can transfer your conversations to a new phone I think, but with a backup you really need it to run periodically in case something catastrophic happens.

  • What about all the billions of accounts that are getting hacked? Not the NSA's job?
  • ... use Apple, Microsoft, certainly not anything Google, nothing Facebook, ...

    • by dgood ( 139443 )

      No it doesn't. It doesn't give an opinion on which to use, only an assessment of each tool based on a set of criteria they describe. Microsoft, Google and WhatsApp all satisfy most of their criteria. Apple isn't even listed.

  • by ugen ( 93902 ) on Thursday April 30, 2020 @05:26PM (#60009068)

    Mr. Foxes "Excellent Guide to Securing your Chicken Coop".

  • by PineHall ( 206441 ) on Thursday April 30, 2020 @05:32PM (#60009084)
    Looking over the table, it looks like Wickr is the one program that meets the criteria the best. It is not FedRAMP approved and it does not have "voice conferencing" (what about "video conferencing" with the camera blocked). No other program did as well. Signal came close.
    • by AmiMoJo ( 196126 )

      I really want to like Signal but the mobile app is total crap. It needs a huge number of permissions and wants to handle my SMS messages too. I just want a basic, simple and secure messaging app.

      • by tricorn ( 199664 )

        Signal doesn't require any special permissions.

        If you don't give it permission, it simply doesn't give you that capability. So, microphone, no voice. No camera, no video. No contacts, use numbers only. No storage, no file transfers.

        It works fine with not having access to SMS, you just can't auto-invite someone to start using Signal, or use Signal as default SMS app (which lets you consolidate all your messaging in one place, including secure backup of messages). Same with "Phone" access, you can use Si

  • Here's how it works (Score:5, Interesting)

    by divide overflow ( 599608 ) on Thursday April 30, 2020 @05:35PM (#60009094)
    Q: Are you running a new device with a fully up-to-date, fully patched version of the appropriate OS for your device?
    A: Yes.
    Q: Did you modify the OS or run any software to modify the OS?
    A: No.
    Q: Did you load any software that wasn't from the OS provider's app store?
    A: No.
    Q: Ok, go to that app store, download Signal and use it for all confidential communications. Keep it and your OS up to date.

    Done.
    • For one-on-one calls, sure, but Signal doesn't currently do multi-way group calls, which is a significant limitation. It's interesting that Jitsi wasn't one of the options they considered, since it's the "serious" suggestion for group chats among most of the geek crowd I know.

      • I was also surprised to not see Jitsi in there... They certainly know about JItsi as it's been out for years, it's a solid alternative, why not include it ?

        I looked at their on their FAQ (Jisti) about security and I was a bit shocked to learn that conferences of more than 2 people are decrypted while they pass through the videobridge (which acts as proxy for all attendants) ! I always assumed it was full end-to-end encryption all the time.

        However as of late april, they've experimenting with a new feature in

        • I think they do it for performance/bandwidth reasons: it takes less bandwidth if you mix all the participants' faces into a single video stream and then distribute that. You have to distribute a single rectangle full of moving pixels one-to-many, as opposed to many rectangles full of moving pixels many-to-many.
        • I looked at their on their FAQ (Jisti) about security and I was a bit shocked to learn that conferences of more than 2 people are decrypted while they pass through the videobridge (which acts as proxy for all attendants) ! I always assumed it was full end-to-end encryption all the time.

          They're actively working on that too, and it is explicitly the end goal they are trying to achieve. But one difference between Jitsi and a lot of the other videoconferencing services is that Jitsi are transparent about what they have so far and how it works. And of course if that level of security is important for your application, you don't have to use their public server and can run your own bridge.

          • Sorry, something funny happening with /. for me tonight. I meant to cancel that when I saw your post made them same points but posted instead. Then I meant to comment saying so like this, and that hasn't appeared. Must be past my bedtime to have this much finger trouble. :o)

    • Blindly trusting the chip/hardware/OS manufacturers/assemblers might not do it, if your job is to keep the secrets that are used to literally harm the entire world and all life in the known universe...

      I'm certain that for any big spying organization, at least half a dozen states, enemies as well as allies, are tying to sneak in dopant-level hardware trojans at any given time. And half a dozen *times* that, actors are trying to put backdoors in their OSes and software.

      • Yeah, I wasn't going to go there in my initial post. Bottom line: If you depend on avoiding scrutiny by state-level actors with overwhelming resources, forget the smartphone. Your OpSec has now escalated to the big leagues and you'll need big boy spook-level resources. Get yourself some expert training and get ready to go dark.
      • I'm certain that for any big spying organization, at least half a dozen states, enemies as well as allies, are tying to sneak in dopant-level hardware trojans at any given time. And half a dozen *times* that, actors are trying to put backdoors in their OSes and software.

        The problem is how to store and exfiltrate data without it being noticed. This is much, much harder than it appears, at least for attacks at scale. If a national intelligence agency is actively targeting you in particular, and they care enough to put some effort into it, you're just screwed, there's nothing you can do other than go live in a cave without electronics.

    • Q: Ok, go to that app store, download Signal and use it for all confidential communications. Keep it and your OS up to date

      I got to this step but can't find any of my contacts on Signal. Is this a bug?

    • by AmiMoJo ( 196126 )

      Signal needs your phone number. You can't use it without a valid phone number.

      Also the permissions are ridiculous. This app has access to:

      - Photos / Media / Files
      modify or delete the contents of your USB storage
      read the contents of your USB storage
      -Device ID & call information
      read phone status and identity
      - Microphone
      record audio
      - Calendar
      read calendar events p

      • Explain why Signal needs to use the GPS or change my wallpaper or access Bluetooth or control my WiFi or create new accounts or access all my files.

        RTFM...it's all explained here:

        Signal Permissions
        https://support.signal.org/hc/... [signal.org]

        • by AmiMoJo ( 196126 )

          I have and it's all bullshit. "Allows you toÂshare your current location in messages with your friends." Why does a secure messaging app even need to do that? Even crap like WhatsApp doesn't have that feature.

          They don't explain things at all. For example "create accounts and set passwordsÂ-ÂAllows SignalÂto create an account on your device, viewable at System Settings > Accounts" Okay but why do you need to create an account at all?

          Or how about "pair with Bluetooth devicesÂ- Allo

          • If you have a decent Android version, you can deny quite a bit of those. I'm thinking of GPS, Bluetooth and such. The remaining ones, like account creation, are required on Android for the app to function.
          • For iPhones you can turn most of that off in iOS permissions granted to the app. It isn't needed for the app, it's just a bunch of feature you can choose to use. And if you don't like the app you can simply uninstall it. It's your choice. It doesn't make you do anything.
          • by tricorn ( 199664 )

            A lot of those are overlaps between different Android versions (so Contacts includes a bunch of capabilities grouped and named differently in other versions).

            If you don't want to share your location, then don't enable it. If you don't want it to handle SMS messages, don't enable it. If you don't want to send files, do voice or video calls, use your contacts list, don't enable those permissions. It works fine with all of that turned off.

            If you're paranoid, check out the source and compile it yourself. If

            • by AmiMoJo ( 196126 )

              I'm wondering how hard it would be to compile a version with most of the crap stripped out, and maybe the option to use a random number as your phone number.

              I've never done any Android development and I don't see any forks, so I'm guessing it's not trivial.

              • Here is the source repository:

                https://github.com/signalapp/S... [github.com]

                Do with it what you will.

                Here is some info from Wikipedia on the guy responsible for Signal:

                Matthew Rosenfeld, known as Moxie Marlinspike, is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Foundation, and currently serves as the CEO of Signal Messenger. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Facebook M
                • by AmiMoJo ( 196126 )

                  You would think someone who has worked in security would know the basics, e.g. reducing the attack surface by not including pointless features like the ability to change wallpaper.

  • Question: Don't you have the most secure VPN in the known universe? I mean with a hacking and cryptanalysis and information security department bigger than the entire government of some smaller states...
    And if no ... are you hiring? You can find me on Xing, my name is ... ehrm ... Ed...Eduardo ... Snowdeno.

  • For government communications, I would hope that all products used retain records for several years and have a means for investigators to decrypt the data. This seems like the ultimate enabler for government corruption.
  • by Aristos Mazer ( 181252 ) on Thursday April 30, 2020 @10:06PM (#60009656)
    NSA: Citizens should only choose end-to-end encryption with testable standards.
    FBI: Citizens should only choose communications subject to man-in-the-middle attacks or backdoor'd standards.

    If you've ever wondered which three-letter-agency wins in a fight, I guess this is time to grab the metaphorical popcorn.
  • Keep your birds safe with the information contained in this free document. Download now.

No spitting on the Bus! Thank you, The Mgt.

Working...