
Android Call Encryption


23 replies to this topic

#1 TheMad Scientist

TheMad Scientist

    the 0ne

  • Members
  • 1 posts
  • Gender:Male

Posted 15 September 2010 - 11:50 PM

Hey guys, there is this app called RedPhone by Whisper Systems that will encrypt calls using ZRTP encryption. It's free.
http://www.whispersys.com/

#2 SirAnonymous

SirAnonymous

    SCRiPT KiDDie

  • Members
  • 20 posts
  • Gender:Male

Posted 09 January 2011 - 11:35 AM

Not trolling here, but give me a scenario where I would need to use this, being a civilian.

#3 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 09 January 2011 - 01:20 PM

> Not trolling here, but give me a scenario where I would need to use this, being a civilian.

Buying drugs.

#4 heisenbug

heisenbug

    Gibson Hacker

  • Members
  • 79 posts
  • Country:
  • Gender:Male

Posted 09 January 2011 - 01:25 PM

> Not trolling here, but give me a scenario where I would need to use this, being a civilian.


Avoiding corporate espionage.

#5 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 09 January 2011 - 02:17 PM


>> Not trolling here, but give me a scenario where I would need to use this, being a civilian.
>
> Buying drugs.

>> Not trolling here, but give me a scenario where I would need to use this, being a civilian.
>
> Avoiding corporate espionage.

Same difference.

#6 SirAnonymous

SirAnonymous

    SCRiPT KiDDie

  • Members
  • 20 posts
  • Gender:Male

Posted 09 January 2011 - 03:40 PM



>>> Not trolling here, but give me a scenario where I would need to use this, being a civilian.
>>
>> Buying drugs.
>
>>> Not trolling here, but give me a scenario where I would need to use this, being a civilian.
>>
>> Avoiding corporate espionage.
>
> Same difference.


+1

#7 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 09 January 2011 - 06:56 PM

Cool, instead of setting up stunnel or something, I completely place my trust in Whisper Systems, even though they have the perfect place to MITM the encrypted session because each call must establish via their switch :smile:

Whisper's website by keoxa, who are so busy making everyone else's website, they've forgotten to make one for themselves. But at least they have the decency to have register globals off in their php.ini :unsure:

#8 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 10 January 2011 - 02:52 AM

> Cool, instead of setting up stunnel or something, I completely place my trust in Whisper Systems, even though they have the perfect place to MITM the encrypted session because each call must establish via their switch :smile:
>
> Whisper's website by keoxa, who are so busy making everyone else's website, they've forgotten to make one for themselves. But at least they have the decency to have register globals off in their php.ini :unsure:

Only it's going open source.

#9 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 12 January 2011 - 07:10 AM


>> Cool, instead of setting up stunnel or something, I completely place my trust in Whisper Systems, even though they have the perfect place to MITM the encrypted session because each call must establish via their switch :smile:
>>
>> Whisper's website by keoxa, who are so busy making everyone else's website, they've forgotten to make one for themselves. But at least they have the decency to have register globals off in their php.ini :unsure:
>
> Only it's going open source.

Going. I wonder when they finally publish it, if the calls will still have to route via their switch.

#10 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 12 January 2011 - 02:46 PM

> Going. I wonder when they finally publish it, if the calls will still have to route via their switch.

I could be wrong, but afaics the only thing that is routed via their switch is the SMS request to start a call.
And the encrypted VOIP just uses P2P internet routing.

Hardly be a complex job to mod up an SMS relay.

Not that I think there would even be much need for that, since all the SMS need contain is
<RINGRING><IP><PORT><PUBLICKEY>

Although personally I'd want customisable two-way encryption with a buildkey because I don't trust RSA.

Edited by mSparks, 12 January 2011 - 02:54 PM.
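
The call-setup message sketched in post #10 and the switch-in-the-middle concern from post #7, combined in an added example that is not part of the thread and is not RedPhone's code: a parser for a message with those four fields, and a short authentication string both parties read aloud so that a relay which substitutes the key is noticed. The angle-bracket framing, hex key encoding, function names and the hash-based string are assumptions of this sketch; it is a simplified stand-in for ZRTP's own derivation.

```python
import base64
import hashlib
import ipaddress
import re

# Field order from the post; the framing and the hex-encoded key are
# assumptions of this sketch, not RedPhone's real wire format.
RING_RE = re.compile(r"<RINGRING><([^<>]+)><(\d{1,5})><([0-9a-fA-F]+)>")

# Constructed sample keys (32 bytes each), not real key material.
CALLER_KEY = bytes.fromhex("a1" * 32)
CALLEE_KEY = bytes.fromhex("b2" * 32)
RELAY_KEY = bytes.fromhex("c3" * 32)   # key a dishonest relay would substitute


def build_ring(ip, port, public_key):
    """Serialise a call-setup request in the assumed format."""
    return f"<RINGRING><{ip}><{port}><{public_key.hex()}>"


def parse_ring(sms):
    """Validate and decode a call-setup request; raise ValueError if malformed."""
    m = RING_RE.fullmatch(sms.strip())
    if m is None:
        raise ValueError("not a call-setup message")
    ip = ipaddress.ip_address(m.group(1))      # ValueError on a bad address
    port = int(m.group(2))
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if len(m.group(3)) % 2:
        raise ValueError("key is not a whole number of bytes")
    return {"ip": str(ip), "port": port, "public_key": bytes.fromhex(m.group(3))}


def short_auth_string(caller_key, callee_key):
    """Four base32 characters (20 bits) bound to both keys as this side saw them."""
    h = hashlib.sha256()
    for key in (caller_key, callee_key):
        # Length prefix keeps the two fields unambiguous inside the hash input.
        h.update(len(key).to_bytes(2, "big") + key)
    return base64.b32encode(h.digest()[:5]).decode("ascii")[:4]


def place_call(relay_swaps_keys):
    """Return (caller_sas, callee_sas) for an honest or a key-swapping relay."""
    sent = build_ring("192.0.2.10", 31337, CALLER_KEY)
    delivered = (build_ring("192.0.2.10", 31337, RELAY_KEY)
                 if relay_swaps_keys else sent)
    seen_by_callee = parse_ring(delivered)["public_key"]
    # The key coming back to the caller crosses the same relay.
    seen_by_caller = RELAY_KEY if relay_swaps_keys else CALLEE_KEY
    caller_sas = short_auth_string(CALLER_KEY, seen_by_caller)
    callee_sas = short_auth_string(seen_by_callee, CALLEE_KEY)
    return caller_sas, callee_sas


if __name__ == "__main__":
    for swapped in (False, True):
        caller_sas, callee_sas = place_call(swapped)
        verdict = "match" if caller_sas == callee_sas else "MISMATCH, hang up"
        print(f"relay swaps keys={swapped}: {caller_sas} vs {callee_sas} -> {verdict}")
```

The message alone authenticates nothing: whoever relays it can rewrite the key field, and only the out-of-band comparison of the two strings exposes that.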


#11 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 13 January 2011 - 07:43 AM

Bear in mind though.
This almost certainly won't protect you against
http://en.wikipedia....one_microphones

Reverse engineering that is on my todo list eventually.
Now that would be a cool hack.

#12 Trikk

Trikk

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 348 posts
  • Country:
  • Gender:Male
  • Location:Portland, OR

Posted 18 January 2011 - 09:22 AM

> Bear in mind though.
> This almost certainly won't protect you against
> http://en.wikipedia....one_microphones
>
> Reverse engineering that is on my todo list eventually.
> Now that would be a cool hack.


Reverse engineering it, as in you've seen one?
Do you have any links or references to such a device or software?

#13 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 18 January 2011 - 07:18 PM


>> Bear in mind though.
>> This almost certainly won't protect you against
>> http://en.wikipedia....one_microphones
>>
>> Reverse engineering that is on my todo list eventually.
>> Now that would be a cool hack.
>
> Reverse engineering it, as in you've seen one?
> Do you have any links or references to such a device or software?

Part of the FCC regulations afaik (so pretty much any phone with an FCC stamp).

There was a big controversy a while back when it was discovered the Chinese had worked out how to access it.
Know a few guys in the EW division of the British military, they use it to identify targets on a fairly regular basis.

http://www.schneier....y_eavesd_1.html

Edited by mSparks, 18 January 2011 - 07:27 PM.


#14 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 30 January 2011 - 11:20 PM


>> Cool, instead of setting up stunnel or something, I completely place my trust in Whisper Systems, even though they have the perfect place to MITM the encrypted session because each call must establish via their switch :smile:
>>
>> Whisper's website by keoxa, who are so busy making everyone else's website, they've forgotten to make one for themselves. But at least they have the decency to have register globals off in their php.ini :unsure:
>
> Only it's going open source.


It doesn't matter. If you want a secure phone, register with the government and get a General Dynamics Sectera Edge. Backdoors abound almost certainly, but the NSA doesn't really care about most people's trade secrets so long as you're American and not competing with a favored defense contractor. ;) Here are your problems.

First, the hardware and firmware might have holes. Matter of fact, GSM protocol has features that are essentially backdoors. Look into SS7. Carriers often have what's essentially a backdoor in the firmware for update purposes, but that could be used for subversion. Then, the phone OS's themselves totally suck. Just look how easy it is to "jailbreak" iPhones and "root" Android phones. I rest my case. So, you're running a binary from a possibly subversive company, on an insecure phone OS, on an untrustworthy firmware stack, and some of you think your communications are "protected"? LMAO! Don't get me started on all the companies selling apps and services to subvert phones remotely, probably using firmware, OS and protocol attacks. Then there's emanation security... TEMPEST... side channels. Even Cryptophone can prove that what's on their phone was created from their published source code. Crypto AG was found to be an NSA front, even though in a neutral country with many government customers. OK Labs and Sirrix have partnered on a phone with a secure microkernel, but firmware, backdoor, TEMPEST issues still remain.

So, what's the point? To build a secure system, you have to secure everything from the ground up. Either buy an NSA-certified communication device or build your own out of foreign embedded boards with hardened software stacks following a Red-Black separation paradigm and using non-DMA connections to the trusted crypto component. This will probably limit you to VOIP, but it works. VIA Artigo boards and aerospace-grade POWER boards with safety-critical OS's for the crypto part are a good start. The rest is a trade secret, but I'm sure you will figure something out. ;) Just stay away from "secure" comms solutions built on "insecure" hardware or OS's. It just... doesn't... make... sense.

#15 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 31 January 2011 - 01:18 PM

> If you want a secure phone, register with the government

Almost funny.
Hi, my name's Chen Guangcheng, please Mr Jintao can I have a secure phone.

> It doesn't matter. If you want a secure phone, register with the government and get a General Dynamics Sectera Edge. Backdoors abound almost certainly, but the NSA doesn't really care about most people's trade secrets so long as you're American and not competing with a favored defense contractor. ;) Here are your problems.

Hmmm,
afaik
http://wikipedia.org...nce_controversy
is mostly done at the GSM station level, you don't need to go "all out" with insane hardware to protect against "fishing" taps, just make sure your comms can only reasonably be decoded at origin and destination, rather than traveling "plaintext" over the network. This includes any comms that are routed through US satellites......

And nothing you've mentioned there covers one of the main benefits of this, which is breaking away the Source-Destination tuples from the telex. Far more valuable to any hostile than the content of any message.

If you are a high value enough target to have your personal, physical, phone targeted, I'd be tempted to leave it reasonably open and detect an intrusion - at least then you know you are being targeted (in which case your phone is unlikely to be the only thing compromised.)

Basically what this sounds like to me is "If you don't have access to the nuclear launch codes, there is no point whispering about where you keep stuff that some authoritarian retard might want to steal off you."

Edited by mSparks, 31 January 2011 - 01:21 PM.


#16 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 01 February 2011 - 03:02 AM

@ mSparks

I see where your reputation rating comes from. You entirely missed the first point of my post and totally ignored the rest. For one, most people needing protection aren't enemies of the state, per se. They are U.S. or NATO corporations protecting their intellectual property from the likes of Russia, China, and Israel. These were the three highest risk adversaries listed in the leaked British MOD Security Manual. It's well known that Russians use TEMPEST style attacks when others fail. Look up the Great Seal bug. It was an active emanation attack. Base station level attacks are popular, but so are others. That you ignore them in your reply doesn't change the fact that attackers will hit any aspect of your security they can, from physical to weak phone OS to crypto implementation. So, for most companies, using one of these secure phones isn't a problem. Foreign encrypted phones with hardened OS's, like Cryptophone, can be obtained by whoever if they use a proper front or middleman. The counter-claims you mentioned don't refute my attacks on the status quo: encrypted comms over Android is still not a safe idea.

Now, for the part you ignored. The hardware, firmware, OS libraries and crypto implementations are very important here. Phone companies were quite compliant with national security orders to install eavesdropping equipment. Do you trust that, if you matter enough, that the mobile phone company won't slip in something over the firmware update or control features? Do you think your enemies, assuming some technical knowledge on their part, will ignore the various vulnerabilities in Linux or Android they could exploit to get your encryption keys? Do you think that a poor crypto implementation that leaks information via side channels won't give your secrets away? (see cache attacks on AES and recent Intel SMT cache and functional unit covert channels)

The verdict, proven by years of high assurance comsec research, is that the platform must be secured from the ground up and not be capable of leaking sensitive information during operation. The Android platform and Whisper System's product fail to meet this requirement. Hence, your options are a high assurance US Govt phone, a hardened foreign encrypted phone, or a custom bulky secure VOIP platform made from hardware from randomly selected foreign suppliers, following red-yellow-black architecture. That's the architecture the high assurance phones use. Android and RedPhone don't. They aren't worth a shit if your attacker really wants you. If you don't want to trust US govt, then fine. I can't. But, I don't trust BS platforms full of design flaws, large TCB's and many exploit techniques the lay person could use. Custom solution with non-American hardware is best for people who can't trust US Govt. Just remember to keep the crypto component as flawless and simple as possible, carefully eliminating covert storage and timing channels.

#17 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 01 February 2011 - 07:20 AM

I didn't "miss the first point of my post and totally ignored the rest", see my posts #11 and #13.
You are referring to the case where your phone is individually targeted.
I'm merely pointing out it subverts the data that is routinely collected from everyone's phone.
The only other alternative afaik is Skype, and that has various malicious kit installed by default that can't be removed because it's not open source.

I'm not saying it's "perfect" in any way shape or form (again, see posts 11 and 13) - It won't protect against a targeted attack (in the same way your solution won't protect against someone putting a bug in your office), but it will protect against the attacks that everyone is subject to every time they make a call.

What you're saying is along the lines of a "confidential" level device is not suitable for "top secret" level info.
Which is pretty fucking obvious to be honest.

Only you're adding "if you want to talk confidentially, you need a device certified for "top secret"", which is bullshit.

Edited by mSparks, 01 February 2011 - 07:54 AM.


#18 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 01 February 2011 - 04:22 PM

> I didn't "miss the first point of my post and totally ignored the rest", see my posts #11 and #13.
> You are referring to the case where your phone is individually targeted.
> I'm merely pointing out it subverts the data that is routinely collected from everyone's phone.
> The only other alternative afaik is Skype, and that has various malicious kit installed by default that can't be removed because it's not open source.
>
> I'm not saying it's "perfect" in any way shape or form (again, see posts 11 and 13) - It won't protect against a targeted attack (in the same way your solution won't protect against someone putting a bug in your office), but it will protect against the attacks that everyone is subject to every time they make a call.
>
> What you're saying is along the lines of a "confidential" level device is not suitable for "top secret" level info.
> Which is pretty fucking obvious to be honest.
>
> Only you're adding "if you want to talk confidentially, you need a device certified for "top secret"", which is bullshit.


Maybe it will help on calls in general, maybe not. Encrypted calls look conspicuous because most calls are plain text. It may increase your chance of getting targeted by an automated method of circumvention, like the ISP backdoor method. Maybe not. Hard to tell. We don't know their exact capabilities. Probably doesn't hurt to use it for that, but can't tell how much it helps considering the threat model.

The people who usually do the damage aren't government keyword searching programs or individuals in the middle points all cell traffic goes to. Almost any time a person must worry, it's a targeted attack. Even GSM crackers that retail under $1000 are a significant investment and must be targeted at one phone for a period of time. Hell, most crooks don't even use encrypted phones. It's hard to say there's much risk from non-targeted attacks. It's the targeted attacks you must worry about. Currently, if I can get your phone for 5 minutes, I can root it enough to defeat common encryption software. How many thugs or spies would be willing to do such a low risk attack for valuable information?

The important thing here is the threat model. Before security measures are considered, one must do a threat analysis. For call encryption, you have people in the middle of the end points running automated analysis, people at the endpoints conducting surveillance, and remote attacks on the endpoints or middle layers. Low assurance call encryption doesn't help at all for any of these threats except certain automated analysis methods in the middle. Almost all of these basic crypto suites and OS's are certified by the government to EAL4: "protects against casual or inadvertent attempts to breach security." In other words, if they are total losers or just accidentally tried to intercept your stuff, you'd be safe with low assurance implementation like Redphone on Android. If they are "sophisticated or well-funded" attackers, especially going after "high value assets," then your COMSEC strategy must meet "high robustness" guidelines. Otherwise, you get owned.

As I've illustrated, most attacks on encrypted cell phones or communications in general are targeted attacks. Well, the ones that usually cause reported damage. A company using Android or iPhone encryption is at risk if its assets are worth more than the few hundred it takes to pay a thug to grab the phone, connect a wire to it and run some scripts. You keep drawing an analogy to military systems, but it's not quite correct: confidential in military terms is much stronger than confidential in business terms. The military typically requires any system that processes classified information and connects to unclassified devices to meet the NSA's Type 1 device standards. Devices that possess classified data are considered classified themselves and have serious restrictions on their handling and what they can connect to. All connections to unclassified networks or systems are often required to go through high assurance gateways, switches, VPN's, etc. Hence, it actually does take a military grade platform to protect secrets of any kind. The only difference between a Confidential and Top Secret system is the level of assurance: how easy is it to break? Type 1 and Type 2 systems go through a whole system NSA certification process that says they are very difficult to break. Anything less is insecure. It's that simple. Else, Redphone would be approved for transmission of classified information. Currently, these apps aren't approved for even Confidential information and maybe not Sensitive But Unclassified information. That's pretty weak, imho. I wouldn't use it if I was the kind of person who actually had to worry about eavesdroppers.

Side note: Good call on Skype. I've advised clients to avoid it for the use of transmitting sensitive information. The combination of crypto they can decrypt and rootkit behavior at the client side lead me to believe Skype is untrustworthy at best and malicious at worst. There is a decent amount of circumstantial evidence that Skype might be an NSA front now, like Crypto AG in Switzerland was (and still is lol). I'll let others draw their conclusions on the research, but my take is "why take the risk and put so much trust into Skype's servers if I don't have to?" Ya know?

Skype - NSA front?
http://ultraparanoid...-skype-is-evil/

#19 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 01 February 2011 - 05:14 PM

one by one...

> Maybe it will help on calls in general, maybe not. Encrypted calls look conspicuous because most calls are plain text. It may increase your chance of getting targeted by an automated method of circumvention, like the ISP backdoor method. Maybe not. Hard to tell. We don't know their exact capabilities. Probably doesn't hurt to use it for that, but can't tell how much it helps considering the threat model.

I can think of many examples where not having certain numbers in my call history is a good thing.

> The people who usually do the damage aren't government keyword searching programs or individuals in the middle points all cell traffic goes to. Almost any time a person must worry, it's a targeted attack. Even GSM crackers that retail under $1000 are a significant investment and must be targeted at one phone for a period of time. Hell, most crooks don't even use encrypted phones. It's hard to say there's much risk from non-targeted attacks. It's the targeted attacks you must worry about. Currently, if I can get your phone for 5 minutes, I can root it enough to defeat common encryption software. How many thugs or spies would be willing to do such a low risk attack for valuable information?

There are many examples of "rogue" GSM relays, they can blanket an entire area, that guy just got sent down for tapping large estates somewhere in the US didn't he?

> The important thing here is the threat model. Before security measures are considered, one must do a threat analysis. For call encryption, you have people in the middle of the end points running automated analysis, people at the endpoints conducting surveillance, and remote attacks on the endpoints or middle layers. Low assurance call encryption doesn't help at all for any of these threats except certain automated analysis methods in the middle. Almost all of these basic crypto suites and OS's are certified by the government to EAL4: "protects against casual or inadvertent attempts to breach security." In other words, if they are total losers or just accidentally tried to intercept your stuff, you'd be safe with low assurance implementation like Redphone on Android. If they are "sophisticated or well-funded" attackers, especially going after "high value assets," then your COMSEC strategy must meet "high robustness" guidelines. Otherwise, you get owned.

Firstly, just the fact this is VOIP helps a lot, second of all, having VOIP on your normal phone number is pretty damn useful (I can now call the Mrs on her normal telephone number for free for example.) no "signing in", no pissing around, no constantly "logged in" etc. While the above is all perfectly valid, you can bind this easily with very heavy encryption - just have the text message point to a web session and use the normal (even enhanced) SSL exchange. I'm not particularly commenting directly on Redphone, but their basic design structure has a lot of potential.

> As I've illustrated, most attacks on encrypted cell phones or communications in general are targeted attacks. Well, the ones that usually cause reported damage. A company using Android or iPhone encryption is at risk if its assets are worth more than the few hundred it takes to pay a thug to grab the phone, connect a wire to it and run some scripts.

Actually, I'd bet the most common attack is police retrospectively analyzing people's conversations.

> You keep drawing an analogy to military systems, but it's not quite correct: confidential in military terms is much stronger than confidential in business terms. The military typically requires any system that processes classified information and connects to unclassified devices to meet the NSA's Type 1 device standards. Devices that possess classified data are considered classified themselves and have serious restrictions on their handling and what they can connect to.

Hmm, not sure I buy that.
As I understand the US classification system, there's "unclassified", "confidential", "classified", "secret" and "top secret".
Anything in the last three requires its own separated network for transmission, but "confidential" and unclassified can, for example, be sent via encrypted email from a standard PC.

> All connections to unclassified networks or systems are often required to go through high assurance gateways, switches, VPN's, etc. Hence, it actually does take a military grade platform to protect secrets of any kind. The only difference between a Confidential and Top Secret system is the level of assurance: how easy is it to break? Type 1 and Type 2 systems go through a whole system NSA certification process that says they are very difficult to break. Anything less is insecure. It's that simple. Else, Redphone would be approved for transmission of classified information. Currently, these apps aren't approved for even Confidential information and maybe not Sensitive But Unclassified information. That's pretty weak, imho. I wouldn't use it if I was the kind of person who actually had to worry about eavesdroppers.

You'd really expect software in version 0.2 to have gone through any kind of external validation?
Jeez, I wouldn't even expect something that early in development to have gone through an internal audit, since most pre v0.5 software is usually just proof of concept stuff that gets entirely rewritten further down the development cycle.

> Side note: Good call on Skype. I've advised clients to avoid it for the use of transmitting sensitive information. The combination of crypto they can decrypt and rootkit behavior at the client side lead me to believe Skype is untrustworthy at best and malicious at worst. There is a decent amount of circumstantial evidence that Skype might be an NSA front now, like Crypto AG in Switzerland was (and still is lol). I'll let others draw their conclusions on the research, but my take is "why take the risk and put so much trust into Skype's servers if I don't have to?" Ya know?
>
> Skype - NSA front?
> http://ultraparanoid...-skype-is-evil/

Why hypothesize? They leaked.
http://cryptome.org/...y/skype-spy.pdf

Edited by mSparks, 01 February 2011 - 05:19 PM.


#20 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 22 December 2011 - 01:12 PM

Acquired by Twitter:
http://www.infoworld...-systems-180174

TextSecure on github
https://github.com/whispersystems

Others to follow.



