Firechat

Firechat is a secure wireless peer-to-peer chat app:

Firechat is theoretically resistant to the kind of centralized surveillance that the Chinese government (as well as western states, especially the US and the UK) is infamous for. Phones connect directly to one another, establish encrypted connections, and transact without sending messages to servers where they can be sniffed and possibly decoded.

EDITED TO ADD (10/1): Firechat has security issues.

Posted on October 1, 2014 at 2:25 PM • 27 Comments

Comments

JoeOctober 1, 2014 3:01 PM

Firechat requires users to create an account and does not encrypt messages in transit or on the device. As police stand quite close to active protests, it would be trivial to intercept messages, spread falsehoods, and track unique bluetooth/wifi identifiers. Even the creators do not recommend using it for secure communication.

Analysis here:
https://citizenlab.org/2014/07/iraq-information-controls-update-analyzing-internet-filtering-mobile-apps/#part2

I do hope interest in this space creates software that can offer some level of security to its users. Serval Mesh seems to be a step in this direction.

Jesse ShapiroOctober 1, 2014 3:09 PM

As others have pointed out, this isn't really secure against snooping.

What it is secure against, and this is what makes it useful, is centralized censorship.

ByemOctober 1, 2014 4:15 PM

As far as snooping goes, this just requires the Chinese government to build additional infrastructure if it doesn't already exist in order to centrally snoop and censor.

Bob S.October 1, 2014 5:00 PM

100,000 downloads in 24 hours. There must be something good about it then!

World governments, for a variety of reasons, have set themselves against their own citizenry when it comes to electronic communication.

This is the kind of fast footed technological breakthrough we need to recover some of our privacy and security.

I say ...well done!

FrenzOctober 1, 2014 5:49 PM

While I understand a certain lack of interest from the carriers' side in developing/distributing such software, I don't quite understand the lack of interest of "the (open source) community" to develop such a mesh-network-enabling software, possibly with features surpassing what is currently provided (by philanthropic companies?!), like security. While the actual distribution will be difficult ("I don't trust this software" etc), an open source-approach putting a stronger focus on end-users, instead of the usual (mesh-) networking enthusiasts and geek-crowd, would be so welcome, for all kinds of scenarios (communication during disasters, protests, large gatherings regularly overloading centralized infrastructure etc).

John FOctober 1, 2014 6:16 PM

@Frenz:

I don't quite understand the lack of interest of "the (open source) community" to develop such a mesh-network-enabling software, possibly with features surpassing what is currently provided (by philanthropic companies?!), like security

Are you certain there's an actual lack of interest there?

Have you considered:

  • 1. That irrespective of where you're located, authoring a successful app along those lines is going to bring yourself (and your family) to the attention of those in authority;
  • 2. The US and other government's apparently liberal use of coercion in conjunction with gag orders and a near-continuous invocation of the states secret clause in court, giving them the de-facto authority to require an to backdoor their software for the governments benefit;
  • 3. that the target userbase for such an application is necessarily going to consist primarily of scared, angry, and/or paranoid individuals, who are often well aware of 1 & 2 above.
  • I think you would find that many, if not most, people in the position to design such software on an individualized basis aren't willing to put up with the life-changing repercussions for themselves and their families that are likely to be associated with success in such an endeavor.

    dhwOctober 1, 2014 7:05 PM

    Has anyone looked at the solution provided by VirnetX? They have several patents covering secure communications and have declared them essential for 4G LTE-A. The principals were with SAIC and developed the technology for use in the Secret Internet Protocol Router Network (SIPRNET), used by the DOD for TOP SECRET communications.

    ThothOctober 1, 2014 8:59 PM

    Here are some of my comments and suggestions posted on recent Friday Squid:
    https://www.schneier.com/blog/archives/2014/09/friday_squid_bl_443.html#c6679818

    Esssentially, Firechat is a good (newbie friendly) jump off point but they should upgrade to more secure variants like Serval and Commotion project implementations and dump off Firechat for good.

    By the way, Bittorrent Sync should not be used due to the suspected protocol weaknesses as I attempted to explain in the same Friday Squid post somewhere or in one of my comment post.

    Mesh technology for secure and robust communications would be in high demand.

    AdjuvantOctober 1, 2014 10:11 PM

    CJDNS, Project Meshnet, and Hyperboria

    While I'm entirely open to alternative options that more qualified evaluators than myself might suggest, the most promising solution I've personally found in this area is the Project Meshnet/CJDNS/Hyperboria project-cluster, which is designed to offer fully-decentralized yet global routing and end-to-end encryption. It's not yet ready for mass one-click adoption, but this seems like the perfect opportunity to give development a jump-start. I'm sure the folks in Hong Kong would do far better with this than Firechat, if it can be pushed into full-blown production. There are already operating meshnets in several dozen cities worldwide, but none in China.

    This project needs a massive PR effort to get the word out and mobilize support. Critiques of its security model and implementation would be effort well-targeted. As far as I can tell, this is the best-of-breed solution (though please tell me if I'm wrong!).

    (Previous threads mentioning these projects: here and here)

    Key Sites:

    github.com/cjdelisle/cjdns
    www.projectmeshnet.org
    wiki.projectmeshnet.org
    hyperboria.net
    reddit.com/r/darknetplan
    irc.efnet.org/#cjdns

    Here's the best practical primer
    And here's the draft of the above document with Reddit commentary.

    To excerpt:

    Cjdns is the protocol behind Project Meshnet that makes it all possible. It is the only meshnet protocol available that offers fully distributed and yet still global addressing. This means that any meshnet node running Cjdns will interconnect with any other Cjdns node automatically, that no central authority or control of any kind is necessary, and that all Cjdns meshnets are compatible by their very nature. In fact, there is really only ever one single global Cjdns meshnet, even if some parts of it are not currently linked to some others. The moment they are linked, they will function as one, and yes, global also means that it can and will scale to the entire planet.

    Cjdns also includes secure end-to-end encryption built in to the protocol at the very lowest levels. In fact, the encryption is part of what allows for the global distributed addressing. When a new Cjdns node is set up, a cryptographic key pair is generated and the node's IP address is derived from that key. Any communication to your node is automatically encrypted with your key (it's how the protocol works, there is literally no other option), and communications with any other IP address can be cryptographically verified as secure and genuine by comparing the keys used to the address itself. What this all means is that nobody on the meshnet can see your private communications except for you and the node you are actually communicating with. Ever.

    And from https://wiki.projectmeshnet.org/Cjdns:

    Security
    The belief that security should be ubiquitous and unintrusive like air is part of cjdns core. The routing engine runs in user space and is compiled by default with stack-smashing protection, position-independent code, non-executable stack|, and remapping of the global offset table as read-only (relro). The code also relies on an ad-hoc sandboxing feature based on setting the resource limit for open files to zero, on many systems this serves block access to any new file descriptors, severely limiting the code's ability to interact with the system around it.[11]

    Anything better out there? If not, I'll put this forward as an excellent target for those who can contribute.

    AdjuvantOctober 1, 2014 10:19 PM

    Addendum: Commotion
    By comparison, Commotion as mentioned above by Thoth:
    https://commotionwireless.net/understanding-commotions-warning-label/

    Does not provide strong security against monitoring over the mesh

    Why Commotion Can't
    The current stable release of Commotion has its mesh traffic encrypted (WPA-None) with a generic password. Because of this, any Commotion router can join any other Commotion mesh. This means that anyone with a Commotion router or access to our completely open source code can monitor the traffic over a Commotion mesh. You can prevent this casual snooping by getting together with those you will be meshing with and setting your own secret password for mesh encryption. You can also use the tools that were linked above to secure your communications over the mesh so that there are multiple levels of encryption preventing someone from snooping.

    ThothOctober 2, 2014 1:23 AM

    Just to add a little precautionary warning, mesh networks make heavy use of multicast messaging which is not very assuring in design. The ideal design at the highest assurance would be you are the other guy negotiate and exchange your symmetric keys face to face but due to the need to coordinate on a mass scale in a fire and forget manner, security is much lax. For mass broadcasting of messages, you may use those mesh tools that have crypto that are proven but for higher levels of security, it is still wise to exchange your keys in person.

    Andrew_KOctober 2, 2014 3:53 AM

    Each time I look at these solutions, I find myself pondering on how to implement proper authentication in spontanous scenarios where participants don't know each other in advance.
    If one would use a common secret, how do you protect it from being snooped by the police?

    Anon IndianOctober 2, 2014 4:03 AM

    Thank you guys (and gals ?) for an informative discussion on mesh networks. Yes, there are many issues and bugs but I hope that truly secure mesh networks become a reality sooner rather than later.

    ThothOctober 2, 2014 7:21 AM

    @Andrew_K
    Firechat and these mesh chatting programs would likely be used as some kind of broadcasting system like how the protesters are using Firechat in Hong Kong to broadcast information on their protest.

    If a conversation is required for secrecy and above, it is best to meet face to face (in the case of the protest) than to simply spill encrypted or plaintext messages due to nature of the network being open to everyone.

    ThothOctober 2, 2014 7:25 AM

    @Andrew_K
    I forget to mention that the Chinese have release their malwares onto phones in that will be typical of any Govt trying to subjugate the masses for their own ends. If the endpoint security is weak / insecure, it would end up as yet another Tor network where agents can be sitting at endpoints and observing data and metadata moving around. Since the program is freely available, TLAs might even modify them and host their own nodes in between to do their stuff.

    The first step to any security is endpoint security.

    AOctober 2, 2014 10:37 AM

    Confused as to why Firechat is being billed as a "secure" form of communication at all. Most (if not all) of its transmissions are in the clear. There is currently a pretty well functioning solution for encrypted texting and voice on the smartphone, it is with the Android apps Textsecure and Redphone. They just put out an intercompatible version called Signal for iPhone as well which doesn't yet including the texting feature but apparently will soon.

    The notion of communication with people with smartphones outside the cell network is interesting, as long as they use encryption properly too and don't just use essentially a security through obscurity framework.

    56h5h5h5h56hOctober 2, 2014 7:18 PM

    Most of these end-to-end javascript based encryption solutions are vulnerable to MITB everywhere and poor storage protection on mobiles..

    It's marketing and venture capital people contracting the lowest bidding developers to develop 'secure' solutions..

    hwertzOctober 2, 2014 9:42 PM

    "I don't quite understand the lack of interest of "the (open source) community" to develop such a mesh-network-enabling software, possibly with features surpassing what is currently provided (by philanthropic companies?!), like security"

    There's interest, there's been intense research for decades in terms of how to get data over the air as succesfully as possible as well as mesh networking techniques. Turning this into something easy enough to setup and use is another matter (which FireChat successfully does.)

    Encryption's definitely a good idea. Although the key exchange would involve quite a bit of back-and-forth communications compared to tossing along a message and possibly having it acknowledged. You would not be able to join a group chat without approving each user either, since you would not have each other's keys to send encrypted messages otherwise.

    ThothOctober 2, 2014 9:42 PM

    @A
    I don't think Redphone, TextSecure or Signal are made to do mesh networking yet.

    PacoBellOctober 3, 2014 11:59 PM

    A better project than all those mentioned so far, in my personal opinion, is the SPAN Project [1]. It functions at Layer 2, so it's agnostic to any of the higher level protocols above it, much like the official IEEE 802.11s mesh networking standard. This means that you're not locked into the few, limited apps bundled with other application-layer routing solutions. The only problem so far is limited device support due to only one wireless chipset being actively supported.

    If Google was serious about mesh, they should have put their development muscle behind either the age old ad-hoc mode (which already enables plenty of mesh routing protocols like batman-adv, olsr, etc.) or the proper 802.11s spec, which has been finalized since August 2011 [2]. Instead, we've got a half-solution in the form of the Wi-Fi Alliance's Wi-Fi Direct, which is a poor fit for dynamic mesh environments [3]. I'm interested to see what the implementation of the upcoming 3GPP Release 12 LTE Direct technology will look like and whether it will be amenable to open application development [4]. Apparently, it's range is good for ~500 meters as opposed to Wi-Fi and Bluetooth's 100 meters. It's potentially game-changing, considering that already covers one of my local city blocks.

    [1] https://github.com/ProjectSPAN
    [2] http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm#tgs
    [3] http://blog.cozybit.com/why-mesh-peering-is-faster-and-more-reliable-than-wifi-direct/
    [4] https://www.qualcomm.com/products/lte/direct

    56h5h5h5h56hOctober 4, 2014 5:19 PM

    @56h5h5h5h56h: Wow people are making basic security engineering laziness look like quantum mechanics..

    Don't embed an encryption system and it's storage in a software that gives ANYBODY a nice little DLL interface to do ANYTHING to said encryption system in real time and that is undetectable to the remote host. DONE

    Leave a comment

    Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

    Photo of Bruce Schneier by Per Ervland.

    Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.