New Secure Smart Phone App

It's hard not to poke fun at this press release for Safeslinger, a new cell phone security app from Carnegie Mellon.

"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be," said Michael W. Farb, a research programmer at Carnegie Mellon CyLab. "The most important feature is that SafeSlinger provides secure messaging and file transfer without trusting the phone company or any device other than my own smartphone."

Oddly, Farb believes that he can trust his smart phone.

This headline claims that "even [the] NSA can't crack" it, but it's unclear where that claim came from.

Still, it's good to have encrypted chat programs. This one joins Cryptocat, Silent Circle, and my favorite: OTR.

Posted on October 15, 2013 at 12:37 PM • 28 Comments

Comments

ScottOctober 15, 2013 1:46 PM

It's a cool idea, although I don't have a whole lot of confidence in the security of my phone in the first place. I figure someone has all my stored passwords and private keys on their server.

JoseOctober 15, 2013 3:28 PM

That the program comes from an academic enviroment or university, doesnt mean nothing about trust... I will not trust this program due it is being launche from carnegiemellon univ... no way...

Clive RobinsonOctober 15, 2013 3:29 PM

@ a,

    ..did you just say OTR is as flawed as cryptocat?

No he did not as you well know...

I guess a little sarcasm does not make it these days unless it's got emoticons ;-)

Clive RobinsonOctober 15, 2013 3:39 PM

So a serious question for people to consider,

    How do you know who you are speaking to on the phone?

It's only when you start thinking about it seriously that you realise just how trusting human beings are...

ScottOctober 15, 2013 3:50 PM

@Clive Robinson

The intention is that you exchange keys face to face.

See: http://www.cylab.cmu.edu/safeslinger/...

Now, how do you know someone who you have known for 10 years is not actually an undercover agent? I suggest infiltrating all organizations who would place an undercover agent close to you.

JavierOctober 15, 2013 4:21 PM

"Researchers say the app uses a passphrase which only the user, and the other party can know."

A passphrase...... I can see the NSA go into panic....

Dirk PraetOctober 15, 2013 5:39 PM

This doesn't sound very reassuring:

"We gratefully acknowledge support given to this project. This research was supported by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273, from the Army Research Office, and by support from NSF under award CCF 0424422, and CNS-1050224, and by gifts from Google."

Granted, they're not alone in that field. Tor is there too. And I suppose the NSF is the US National Science Foundation, not the Swedish National Socialist Front.

Then again from the FAQ page:

Which Agencies or other third-parties have access to my information in SafeSlinger?
"There are no backdoors in our system. SafeSlinger does not provide backdoors to access any of your data, messages or contacts."

Putting up our tin foil hat, we also need to ask the question "does it provide backdoors to access your key(s)", which is prominently missing from the statement. That's what you get when becoming used to word games by corporations, governments and spy agencies. But in the end, that's not even the main problem: although every new secure messaging app is more than welcome - especially if it survives some serious testing, analysis and auditing -, the main problem with any US based product or service is that it suffers from IbL: Insecure by Law. (or ObL: overruled by law ; pun intended)

The moment the provider/vendor receives an NSL to put in a backdoor, it's pretty much game over for everyone. In the current state of affairs, one prominent user under scrutiny can be all it takes, and the moment the app gains enough traction among the general public, it's probably just a matter of time before they are inducted in to the PRISM family. So until the source code is released (promised for end 2013), audited and the binaries made available in Google Play and App Store reverse engineered and found to be OK, there is no reason to trust any claim about SafeSlinger security whatsoever.

The same goes for any other app making claims to be "NSA proof", by the way. I know that's a hard verdict for a project that's probably being done with the best of intentions, but this is unfortunately the reality of today. And for the usual suspect(s) countering that other nations are probably doing the same thing: maybe, perhaps, depending on where it comes from, who can tell ? But at least for the US we know for sure. Thanks to the NSA and Ed Snowden.

kingsnakeOctober 15, 2013 5:40 PM

"claims that even [the] NSA can't crack' it, but it's unclear where that claim came from."

Easy: Marketing. The 5th level of hell ...

PeterOctober 15, 2013 6:17 PM

Encryption apps maybe nice for personal use, but not for the real thing. Don't forget that smartphones are really vulnerable at the operating system and hardware level. That's why smartphone encryption at least should be rooted in hardware, for example having the crypto engine on a secure memory card, or having a processor that can handle multiple OS.

65535October 15, 2013 8:26 PM

If I am reading the CMUcylab11021 pdf correctly, it still has the central key location problem as all encrypted email services within US jurisdiction (in addition to the funding from the Army Research Office and Google).

All the NSA needs to do is to deliver a legal notice and gag order and request the keys from the server owner-operator. Then decrypt and copy the messages. Here is the key items from the paper:

“When a user wants to send a message, we pass to our server: a message retrieval token; the push token and notification type (C2DM or UA/APNS) of the recipient; an OpenPGP message containing text; identity, and file preview data; and optionally another OpenPGP message (up to 10 MB) containing the file itself. The two OpenPGP messages are stored in the server datastore for 24 hours before auto-deletion…”

Paragraph 2, 7.2.2 Messaging Server Construction, p 13

http://www.cylab.cmu.edu/files/pdfs/tech_reports/...

ElectricBoogalooOctober 15, 2013 8:54 PM

Peter • October 15, 2013 6:17 PM Encryption apps maybe nice for personal use, but not for the real thing. Don't forget that smartphones are really vulnerable at the operating system and hardware level. That's why smartphone encryption at least should be rooted in hardware, for example having the crypto engine on a secure memory card, or having a processor that can handle multiple OS.

Unfortunately the crypto engines supposedly on secure memory cards are really just marketing flimflam. The big one that comes to mind is the Coolspan TrustChip. Our company evaluated it a while back and it was clear the chip wasn't doing much except at call setup. It wasn't in use during phone calls, despite what their sales guy told us.

We looked at some of the other vendors out there, but most of them are just Java SmartCards for ID management, and every other secure call app lacked a real hardware root. Perhaps ARM TrustZone will allow a new generation of super secure apps that can trust the hardware and the OS. Right now, it appears something like zitmo could just hook the microphone and bypass the apps on the market while recording your unencrypted call.

mcjtomOctober 15, 2013 9:18 PM

Could any one comment on TorChat? Is there any critical analysis of its vulnerabilities?

In principle, unlike other 'secure' chats, it relies solely on Tor hidden services, the way I understand it. Transient keys, no passwords to steal.

mcjtomOctober 16, 2013 7:51 AM

It's cute that people think that an android smartphone app can somehow resist a L3+ adversary. Pro tip - Android (and I am sure the others are just as bad) is a security nightmare. We have binary blobs in there for many of the sensor drivers, a completely proprietary baseband and a platform that can't even stop Trojans from appearing in their own app marketplace. Add in carrier IQ and cell company firmware mods for E911 (very misleading as it is carrier and not user initiated, e.g. not turned on solely after dialing 911)...

How can you build a trusted app when the foundations are rotten to the core?

Alan KaminskyOctober 16, 2013 7:52 AM

@Dirk Praet:

The moment the provider/vendor receives an NSL to put in a backdoor, it's pretty much game over for everyone.

Use deniable encryption. The backdoor provides a ciphertext, plus a key that decrypts the ciphertext to plausible but innocuous data. The real key, known only to the communicating parties, decrypts the ciphertext to the real data.

I never thought that deniable encryption would be needed in the U.S., the land of liberty . . .

WinterOctober 16, 2013 8:49 AM

Now that everybody knows about the second layer in TrueCrypt, isn't it time for an option to add more layers?

Say, Gint (Gint is not TrueCrypt)

Mike the goatOctober 16, 2013 3:22 PM

Wow, that's seriously weird. The *second* comment attributed to "mcjtom" was actually submitted by me (beginning with "It's cute"). Weird.

WolfOctober 16, 2013 5:02 PM

Bruce - I'd like to know how you think we can make progress at all in security/cryptographic research if we consider attacks _it can not_ defend against and is _explicitly developed not_ to defend against.

Your attack on their methods means their assumption that the cellphone is safe is wrong.

Well, where can we store private keys? In our heads?

Then I can laugh at you and say, how stupid, they'll just torture it out of you.

The real contribution of this work isn't to be bulletproof, nor do they claim that.

It is in a _usable_ crypto system utilizing best practice public-key cryptography.

This attack/post is a bit unwarranted, and unfair. I expect more than paranoid, knee-jerk reactions.

You didn't even appear to read the paper/research work.

PeterOctober 16, 2013 5:28 PM

@ ElectricBoogaloo

I don't know whether your company has also evaluated the secure memory card crypto engines from the Swiss manufacturers Crypto AG and Omnisec. These are companies with a high standing regarding to crypto products.

I guess the ARM TrustZone will be one of the safest solutions, as this is used in the smartphones with GD Protected, the encryption suite made by General Dynamics for use by the US government and military.

SkepticalOctober 16, 2013 5:38 PM

If I am reading the CMUcylab11021 pdf correctly, it still has the central key location problem as all encrypted email services within US jurisdiction (in addition to the funding from the Army Research Office and Google).
All the NSA needs to do is to deliver a legal notice and gag order and request the keys from the server owner-operator.

Somewhat tangential, and I don't want to derail the technical discussion, but I'm not sure why anyone would consider US jurisdiction to be problematic relative to other jurisdictions. If you're a "US Person", getting a search warrant in the US (NSL won't let them look at the content of any messages), particularly for the interception of communications, isn't the easiest thing in the world. If you're not a "US Person", the limits on what surveillance intelligence agencies may conduct aren't likely to be any better in your country of residence. And the risk of the US government using acquired information for commercial espionage or harassment of dissidents is less than or equal to that of any other government. Frankly, all off the top of my head, I'd generally recommend the US over any other jurisdiction.

Separate question: how effective is such a program likely to be against eavesdropping by a private company or alternatively a government that does NOT have the ability to order SafeSlinger to cooperate? In other words, how reliable would this be for use by employees discussing trade secrets, or for Chinese dissidents?

KarIOctober 17, 2013 2:43 AM

There is another encrypting messenger worth looking at: Threema
Sadly, it's not open source, but it seems that the developer knows how security has to work.

Dirk PraetOctober 17, 2013 6:55 PM

@ Skeptical

If you're not a "US Person", the limits on what surveillance intelligence agencies may conduct aren't likely to be any better in your country of residence. And the risk of the US government using acquired information for commercial espionage or harassment of dissidents is less than or equal to that of any other government. Frankly, all off the top of my head, I'd generally recommend the US over any other jurisdiction.

Says who ? Are you somehow an expert on or have any specific knowledge of the differences in privacy laws between, say, the US and the EU ? My take is that you are just making assumptions based on what you believe is true. I see nothing but confirmation bias in your statements that are absent of any documented facts or references, which I consider a prerequisite in any intellectual discussion.

I live in a country that is deeply divided along linguistic lines, to the point that we have strict laws as to what language can be used in certain administrative and political contexts. A couple of years ago there was a serious row over French being spoken in a small town city council where according to statutes only Dutch was allowed. There was a strong and passionate defense by one of the French speakers argumenting that "French was the most beautiful language in the world". One of his Flemish colleagues at that point rather sarcastically pointed out that it was also the only language he knew.

Mike the goatOctober 18, 2013 12:06 AM

Dirk: I am going to take up a few characters just to say I agree with your post. :-)

SkepticalOctober 18, 2013 8:50 AM

@ Dirk

Well, over the recent years I've glanced at the laws and the issue in several countries other than the US, including Germany, France, UK, Australia, Netherlands, Italy, and a few others. I'm certainly not asking anyone to take my word for anything, and neither am I going to compile a survey of electronic surveillance law. I will see if I can easily find a survey compiled by someone else though, and cite it here if I find one.

Do you know of a more favorable jurisdiction than the US? If so, what is it? More than happy to read contradictory information!

As to confirmation bias in any direction, I don't believe I had any, but such biases can be sneaky, and I'm as human as anyone else. I rarely speak ex cathedra, especially since it seems to requires donning a rather odd looking hat.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..