Secure Communication Comes To Android 150
An anonymous reader writes "Forbes is reporting that Moxie Marlinspike and Stuart Anderson's startup, Whisper Systems, has released a public beta of two Android applications that provide encrypted call and SMS capabilities for your Android phone. In the wake of recent GSM attacks, it'll be interesting to see if smartphones end up providing a platform that fundamentally changes the security we can expect from mobile communication."
Sure it will (Score:2, Funny)
Just like encrypted email! Everyone uses that...
Re: (Score:3, Informative)
lol, I thought I was about to prove you wrong because I had STARTTLS enabled on our incoming mail server and was surprised to find remote MTAs using it as I'd turned it on to protect our users' outgoing mail authentication.
$ telnet mx1.hotmail.com 25
Trying 65.55.37.120...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 col0-mc4-f34.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti [msn.com]
Re:Sure it will (Score:4, Informative)
TLS encryption only protects from the client to the server, you have no guarantees about the security of the server-to-server connection nor of the pop/imap server to receiving client. Only message encryption with an OpenPGP implementation or similar can offer that.
But Gmail may not support STARTTLS, but it supports IMAPS, and uses HTTPS by default in the webmail.
Re: (Score:3, Informative)
More importantly gmail does not support S/MIME, which is the widely supported signing/encryption mechanism for email. (although basically nobody uses it).
Re:Sure it will (Score:4, Informative)
Try a valid ehlo, rather than a bogus 'helo fuckface'. Some mail servers won't bother to honor starttls unless they are talking to a conforming server.
Re:Sure it will (Score:4, Informative)
Plus we can look at the impact done by availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones)
Oh, nobody was aware of its availability? Exactly...
Re: (Score:2)
My friends, family, bank manager, solicitor, girlfriend etc just don't care enough to get it.
This *IS* ZRTP (Score:2)
Plus we can look at the impact done by availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones)
That is also the case with this application.
The secure voice communication *is* done with ZRTP.
The secure texting is done with Off-the-record (already widely used in Adium, Pidgin and the likes).
Oh, nobody was aware of its availability? Exactly...
The more these (standard) technologies are deployed, the more they will get used.
As an example, Adium is a rather popular multi-system chat software for Mac OS (based on the same libpurple of pidgin fame) has Off-the-record (the same system as used by this software for SMS), and thus Off-the-record is starting to ge
Less useful (Score:4, Informative)
Re:Less useful (Score:5, Interesting)
While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.
These apps may not be useful to *you*, but they will certainly be useful to governments, a few companies, and some of the more vigilant/paranoid tin-foil hat wearers among us. In any case, what we need is a free open source solution that does encryption.
The number of Android users is not that big right now, but Android is coming very fast from behind [gartner.com], and with Google taking 0% of the commissions from their Market/App stores (leaving the entire 30% in perpetuity to the carriers/phone makers), I speculate that Android will really become the #1 dominant platform eventually.
Re: (Score:2)
As someone considering an Android device soon, that link was pretty interesting. I wonder if the growth will continue at anything close to that rate?
Re: (Score:2)
For most rigorous values of "continue" - of course not ;p
But long term it will surely be one of few major players (add bada OS to that list - Samsung seems to bet heavily on it, with the goal of having very large part of total sales using bada in a year or two; and just look at this total). I must say I prefer such situation way more from what we have on the desktop.
Re:Less useful (Score:5, Funny)
Uh, so?
You know, telephones aren't terribly useful, either. Because the person on the other end has to have a phone as well. Completely impractical compared to yelling.
Re: (Score:2)
Re: (Score:2)
Re:Less useful (Score:5, Funny)
Me, my wife, and my daughter.
The reed player in my band (the other three players have iPhones or non-smart phones).
I was at a school board meeting earlier in the month and the soccer mom sitting next to me had a Droid. The kid who lives next door and who has bragged to me that he owns an Xbox, a PS3 and a Wii has an HTC android phone. He says "iPhones are for pussies".
I passed that last part along for informational purposes only. I do not endorse that sentiment in any way, mostly because I wouldn't want some offended iPhone user to give me such a slap.
Re: (Score:2)
Re: (Score:2)
Ok, how many people do you know that have Android phones?
http://www.marketwatch.com/story/android-market-share-passes-iphones-npd-data-2010-05-10 [marketwatch.com]
Re: (Score:2)
Ok, how many people do you know that have Android phones?
About half of my closest co-workers. At my previous job, it was only 20% of my co-workers, while 60% had iPhones (including me at the time). My impression is that among programmers, Android is really big, just like the iPhone was before it.
Open standard. (Score:4, Interesting)
... these apps aren't that useful because the other caller would have to be using the same software for it to work ...
From TFA:
Looks to me like the product uses defacto-standard encrypted communication tools and integrates them with the phonebook to make their use automatic when calling a contact with whom you can have an encrypted conversation.
So it looks to me like your encrypted communications wouldn't be limited to people using the same android app. You could talk to anybody using the same underlying "standard" scheme.
Off-the-record (Score:2)
In fact, the texting part uses Off-the-record [cypherpunks.ca], which is available on lots of software, including libpurple-based like Pidgin (as a plugin) and Adium (out of the box).
So if you configured an account able to receive SMS (like a SIMPLE or Skype account [google.com]) on these software, it already works.
And as the webOS chat module is libpurple-based it might not by that much difficult to bolt OtR on Palm Pre (some hobyist have successfully ported other libpurple plugins [palminfocenter.com] onto the Pre).
Re: (Score:2)
This is great news for Android but I feel will make the end users glow. Will the speak want more sneak and peek or demand decryption form the creators.
Re: (Score:2)
While interesting, these apps aren't that useful because the other caller would have to be using the same software for it to work which limits it to just a few people using Android with these apps.
Are you this guy [bayareamotorsport.com]?
I donno, people keep making them (Score:2)
There are several [a-gss.com] encryption programs [securevoicegsm.com] for Nokia's Symbian phones that work over GSM, but they don't look terribly compatible even amongst one another, which has presumably stymied adoption.
These two Android apps are compatible with Zfone [zfoneproject.com], which is SIP not GSM. So they should work with the commercial Zfone clients for Windows Mobile and Symbian [tivi.com], which covers the vast majority of smartphones outside the U.S.
I've found no Zfone port for the iPhone or BlackBerry but they're bit players outside the U.S. Maemo
Disappointed that they released w/o source code (Score:2)
Re: (Score:3, Funny)
Probably removing all the colorful comments :P
Re: (Score:2)
What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, but couldn't you easily have a private key stored on the handset itself and a public key to interface with others? Granted, the hurd
Re:Disappointed that they released w/o source code (Score:5, Informative)
What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, ...
Public key encryption is crunch intensive - even in the good direction. (It's "effectively impossible" in the "bad" direction, which is the whole point.) Too crunch intensive to be practical when encrypting streams, even with current fast processors.
So it's usually used to generate and exchange a "session key" (and perhaps periodically replace it with a new one) for a symmetric cypher that takes less crunch and is "secure enough" if the amount of material it encrypts is limited.
Re: (Score:2, Informative)
Off-the-Record (Score:2)
I'm interested in seeing how the key exchange is handled. After all, you can have a great encryption algorithm but if your implementation sucks, it won't do you any good.
For texting the implementation is Off-the-Record [cypherpunks.ca], which is already used in several other softwares (the libpurple-based Pidgin and Adium, for instance). The details of this are here [cypherpunks.ca].
Granted, the hurdle there would be things like losing the phone, getting new hardware, etc, but it's still interesting to think about.
Read OtR's website and their arguments about "Deniability" and "Perfect forward secrecy". Some of the problems are addressed in the way OtR works (as opposed to older encryption system such as pidgin-encryption).
Slashdotter's rejoice! (Score:2)
Re:Slashdotter's rejoice! (Score:4, Insightful)
Well okay but say you are in Iran or Thailand and you want organize an action against your government. Secure mobile communications would be pretty handy for that.
Re: (Score:3, Insightful)
Well, okay, but say you are the government of Iran or Thailand and you don't want anyone to organize anything against you. Outlawing secure mobile communications would be pretty handy for that.
Yes, your message is secure, but without some kind of steganographic method, the fact that you're using encryption is not. And neither are you, for that matter.
Re: (Score:2)
steganographic method
Thats true. Maybe something which hooks into a picture exchanging site like 4chan. Conceals messages in images so the recipient grabs new images before they go 404.
Re: (Score:2)
Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
Re: (Score:2)
Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
Are you the Iranian Government?
Re: (Score:2)
Thats true. Maybe something which hooks into a picture exchanging site like 4chan.
If I was the Iranian government, I'd probably burn people alive for even knowing about 4chan.
Are you the Iranian Government?
Alas, no.
Re: (Score:2)
Encrypted data looks like random binary data. Text messages do not. It would be fairly easy to distinguish the two.
Re:Slashdotter's rejoice! (Score:4, Funny)
Use your imagination. It is extremely trivial to make encrypted data look like text. Hell, you can even make it look statistically like english. You'd have that character limit thing to worry about, but I believe most phones these days "get around that" by transparently using multiple messages at once.
Re: (Score:3)
I believe it's either encrypted or looking statistically like text / english. "Texting language" might be of some considerable help, plus perhaps whole words of "texting" used as substitutes for symbols...but that still should be fairly trivial to filter (starting with messages of ungodly length)
Re: (Score:2)
Not at all. You first encrypt the message, then you 'encode' it in such a way that it then has english like properties. Your message length of course bloats but it should evade any sort of automated scanning setup. It's basically a form of stenography.
http://www.schneier.com/blog/archives/2010/03/natural_languag.html [schneier.com]
This is just the first link I found, but if you look around a bit you'll find more. Technically this is about disguising code as english, but the concept is very similar. IIRC that paper ac
Re: (Score:3, Informative)
Sorry, should have looked a bit more before posting:
http://www.nicetext.com/ [nicetext.com]
Far more relevant link. In particular, note the papers listed in the left column.
Re: (Score:2)
That's what I said..."whole words of "texting" used as substitutes for symbols". But that still doesn't look like written text, has totally different statistical properties; you...just use a different kind of symbols (after all, each letter in an sms is also not a single bit already)
So (what I also said) "that still should be fairly trivial to filter (starting with messages of ungodly length)"
Re: (Score:2)
No, it's more complex then you are giving it credit for:
Re: (Score:2)
I see, so it has a group of words for each symbol in ciphertext; picking appropriate word for each symbol to give whole ciphertext roughly proper syntax.
Much harder, but I wouldn't be too surprised if machine analysis turned out to be also decently straightforward - for example, by using in some way experiences with machine translation (should help in determining human/non-human) or...spam filters! (their messages look like that already, and we're still good at catching them) Also, we get into the problem o
Re: (Score:2)
It certainly does have some qualities of spam, I suspect that many spammers actually include text generated in similar ways in their messages in an attempt to appear more like normal correspondence. Bayesian filtering, the current preferred method of catching spam I believe, would be of limited use however, you'd have to know what dictionary they were using (spammers use dictionaries containing the word "viagra" with high probabilities for example), and if your dictionary was just a series of "text talk" c
Re: (Score:2)
I actually made one of these about five years ago, for a laugh. Encode some sentence stuctures as sequences of adjectives, verbs, nouns, adverbs etc etc. Then create some dictionaries of words starting with each letter that ft these categories (x, y and Z are tough). Then take binary data, encode as ascii letters (base 26), and pick a random sentence structure from your list. Fill out the structure with a word from your dictionary that starts with the current letter in your encoding stream.
Voila - english
Re: (Score:2)
Encrypted data looks like random binary data.
I thought that too, once. But apparently many encryption algorithms produce data that's recognizably more structured than real random data. So hiding it in images may not help if the snooper knows he should be checking images for possible encrypted messages.
Re: (Score:2)
It isn't all that hard to hide exactly what you are up to. It is harder to hide that you are hiding something. Any sufficiently evil regime will just make hiding someth
Re: (Score:2)
Any sufficiently evil regime will just make hiding something a crime
Ah yes [telegraph.co.uk]
Re: (Score:2)
That's demonstrably retarded thinking on behalf of the government. Criminal organizations are always going to be at the forefront of technology in order to achieve their goals.
Criminals today, not the thugs on the street, are pretty savvy. Even the most complex alarm systems are broken into, encryption and systems still have other vulnerabilities and backdoors.
I would be extraordinarily shocked
Re: (Score:2)
Criminals today, not the thugs on the street, are pretty savvy. Even the most complex alarm systems are broken into, encryption and systems still have other vulnerabilities and backdoors.
This, I think, may be the real reason cryptography in the US has never been strongly regulated. Somebody at the NSA realized you can't make sure government communications are secure if everybody's trying to hide the latest research from everybody else.
With the world's leading cryptographers publishing their research openly, everyone knows where they stand, and the NSA can react appropriately if a threat to US communication channels appears.
Re: (Score:2)
Probably, but encryption is still valuable to the victims of such regimes as one (of several) layers of protection, as the government discovering that you are (illegally or not) concealing information from them is not as useful to the repressive government as finding out the content of the encrypted communication.
Re: (Score:3, Insightful)
Really repressive governments are very skilled in the techniques of rubber hose cryptoanalisis (well, some of the formally not-repressive ones also are, as long as they can put the encrypted data being analysed in a legal limbo)
Re: (Score:2)
More effective, but less repressive, governments know that that method is far better at getting people -- guilty or not -- to confess and implicate a laundry list of "accomplices" -- guilty or not -- than it is at actually revealing what the target actually knows.
Actually, "really repressive" governments are generally aware of that, too, for the most part, though given that loyalty is valued far more than competen
Re: (Score:2)
Uhm, in case of breaking encryption that method usually doesn't have typical downsides. You either know the keys, which is good since you can give them. Or you don't know them...which is not so good for you.
Re: (Score:2)
There are ways to deal with encrypted data such that it's impractical to determine whether the key you've been given really decrypts all of the data. TrueCrypt has provisions for this.
Under torture, you can reveal the first key, which will decrypt valuable-seeming data (real or fake), but not the second key, which protects truly damaging information.
You might still fry, but your compatriots have a better chance.
Re: (Score:2)
I'm aware of hidden volumes of Truecrypt, but so are possible torturers almost certainly. That doesn't help you in such situation in any way. Might make it worse...
It all essentially boils down to - if you're dealing with such a regime, relying on encryption doesn't really work.
Re: (Score:2)
Re: (Score:2)
I'm okay with $10 per gallon gasoline under two conditions:
As long as that money actually goes towards develop
Re: (Score:2)
About time? It's pretty hard to be more wasteful than the US [wikipedia.org] (X axis), which per capita claims around 3 times more resources compared to the most lean places with similar standard of living.
Re:Slashdotter's rejoice! (Score:4, Informative)
Just a small comment, I don't think you can group Thailand with Iran when it comes to restricting/monitoring communications. They do block websites (trivial to get around if you want to) but they don't block dissent against the government in any way, and I'm guessing they monitor it less than the NSA monitors US citizens.
And that's beside the fact that you can get pre-paid mobile phones for the equivalent of $10 in cash with very cheap add-on minutes (also pay for those in cash) which for all practical purposes are untraceable, because if you're paranoid you can switch them around or whatever.
I'm defending Thailand because the foreign press has distorted what happened there recently quite a bit. It's nothing like Iran. People are free to protest the government, despite what it may seem after the violence recently in Bangkok.
Re: (Score:2)
Thailand is a bad example, the redshirts plot against the government by protesting in the streets as well as burning government buildings and large shopping malls. Besides, I'm not sure if you know too much about the actual problem causers (the western media has been horrible at reporting it, even the Beeb has been little better then Fox News) l
Re: (Score:2)
Except it wouldn't because they shutdown mobile base stations, telephone lines, electricity and water in the protest areas in Thailand.
What I'd like to see (a PGP/gpg variant). (Score:3, Interesting)
What I would like to see is a PGP/gpg utility for Android. The closest I can get to this is cross-compiling a statically linked gpg binary for ARM and running that in a terminal.
Re: (Score:2)
RTFA.
"RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption."
Re: (Score:2)
Huh? I used to use PGP/GPG on my old PII all the time, damned near any cellphone you can get these days are several times as powerful. It's just a bunch of very common crypto primitives, I'm sure there already exist plenty of efficient implementations for ARM.
Actually, Android is more or less a linux machine isn't it? Why couldn't you just rebuild GNU GPG for it and hack together some quick and dirty interface? Has
We'll know it's pretty good when it's outlawed (Score:5, Interesting)
We'll know it's at least OK if the FBI and CIA start lobbying congress to outlaw it.
We'll know it's pretty good if the NSA starts lobbying congress to outlaw it.
The government is absolutely convinced that law enforcement will come to a screeching halt if people can communicate casually without being subject to eavesdropping. This despite the courts' general distaste for such evidence (people rarely speak candidly in phone conversations regarding criminal enterprises and therefore establishing context and the meaning of codewords becomes a prosecutorial hurdle), and the paucity of successful prosecutions built primarily on the strength of intercepts.
So we've had cryptography treated as a munition. And clipper. And CALEA.
Of course, if the keys are on a server somewhere they can always just subpoena them.
Re: (Score:3, Informative)
Anyone have any later statements from them?
Re: (Score:2)
Wow, even they couldn't avoid the car analogy [cybercrime.gov].
Re: (Score:2)
Some people in government are, some people in government pretend to be to sell policies they wish to abuse for purposes other than the overt purpose, and some people in government don't even pretend to be. "The government" -- even referring to any single, particular government -- isn't a hivemind with a uniform point of view or agenda.
Re: (Score:2)
This is really not a problem. If the Gov't really wants access to your calls, they bug your room, bug your computer microphone, install custom phone firmware with a backdoor, etc. Usually all the Gov't cares about is the metadata: Who called who when. The conversations themselves are gravy.
Encryption stops casual snooping, and I highly recommend it's use, even against gov't level attacks. However, if the Gov't really is interested in you specifically, you're hosed no matter what countermeasures you use.
Re: (Score:2)
What's wrong with you? Its not about the FBI, CIA, NSA, courts, supoena, eavesdropping, munition or any of that. Look at this list you made up, I think you're paranoid.
Sheesh. I thought this was already obvious.
Its all to protect the good children and to stop the terrorist children.
Re: (Score:2)
If people could communicate casually without being subject to eavesdropping, no one's taillights would ever be burnt out again.
the solution is Klingon (Score:4, Funny)
it just reminds me that I really need to start speaking in Klingon more frequently.
Re:the solution is Klingon (Score:4, Funny)
I've been using Romulan for years and no one's been able to crack it yet.
Jolan tru!
Re: (Score:2)
I use Vorlon exclusively.
This does mean I have a tendency to speak in short, cryptic messages, and when people ask me whet time I'll be at a meeting I always reply "I have always been here".
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
then perhaps Go'auld might be better.
Re: (Score:2)
"Encrypted call" is misleading (Score:5, Insightful)
It's a VOIP app that encrypts the audio. Except the fact that the protocol itself is documented this is not materially different from skype which is also encrypted and has governments apparently scrambling to crack.
A truly revolutionary app would encrypt the phone's mobile call audio.
Re: (Score:3, Informative)
You said:
Except the fact that the protocol itself is documented this is not materially different from skype which is also encrypted and has governments apparently scrambling to crack.
A truly revolutionary app would encrypt the phone's mobile call audio.
TFA says:
Whisper Systems' apps aren't the first to bring encrypted VoIP to smartphones. But apps like Skype and Vonage don't publish their source code, leaving the rigor of their security largely a matter of speculation. Marlinspike argues that because those
Re: (Score:2, Informative)
For the same reason you don't see apps that record calls (google voice does somewhat, but is not doing so in the phone) you'll never see an app which encrypts the phone call. It's just not possible to route the audio through the processor of these phones. Therefore it truly _would_ revolutionary --since it's impossible by design.
Re: (Score:2, Informative)
A product like that came out a long time ago.
http://www.pgpi.org/products/pgpfone/ [pgpi.org]
I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.
ft
Re: (Score:2)
Seems it might have been a bit ahead of it's time, as the majority of the work was done prior to the revelation that the US Government was massively spying on it's citizens.
Re: (Score:2)
Trying to re-assemble information after being passed through a lossy pipe is hard. I wouldn't want to tackle it - it has too many variables, and it would be too easy to detect and shut down.
Successfully solving these problems would be revolutionary - but also advanced enough that it could be considered magical.
Re: (Score:2, Insightful)
Trying to re-assemble information after being passed through a lossy pipe is hard.
It's called a "modem". We have had those things for years. You could treat cell phone audio like a lossy analog channel and run a robust modem over it. But what's the point?
If you want something that sounds speech-like, that's not a lot harder.
Re: (Score:2)
There are like three separate companies that sell Symbian apps (Nokia) for end-to-end encrypted called over the GSM network, well they're all made for Symbian because Nokia has all the business users outside the U.S. These encryption solutions are quite expensive however, closed source, and don't look that interoperable, so good luck picking the one that isn't owned by the NSA, Chinese Intelligence, etc.
Skype already provides authorities with "lawful intercept" capabilities, which means they provide your bu
How old is Skype? (Score:2)
Skype provides encrypted calls and SMS for how many years now? Oh, this is from Forbes...
Re: (Score:2)
Skype provides encrypted calls and SMS for how many years now?
But it's closed source and runs through an infrastructure that is subject to government pressure for disclosure.
probably not secure (Score:2)
It won't be secure unless the hardware, software and distribution are controlled, tracked and audited. Prove there isn't a hidden API in the RF modem that will dump RAM and the keys on command.
Re: (Score:2)
Why Not Use TOR As Well? (Score:3, Interesting)
Since it's going out as a VOIP call, why not route it via TOR? Yes, it would likely slow down the talking a bit (great, I could finally take notes while still keeping up with the conversation), but it would make it that much more difficult to track down the caller and/or recipient. Might also work for the SMS if it's using an Internet-based route instead of the actual cell system SMS.
Re: (Score:2)
The encryption for streaming voice data is not exactly the best, and Tor means possible third party interception. If someone does decrypt the conversation then just from your tonal range and dialect you are communicating significant information about your identity you wouldn't have to over email (you may even be providing a unique fingerprint). Phone numbers are much more identifying than IP addresses--cellphones can be easily triangulated from the data sent to the carrier, and have to be bought and activ
Re: (Score:2)
http://en.wikipedia.org/wiki/ZRTP [wikipedia.org]
http://en.wikipedia.org/wiki/Zfone [wikipedia.org]
Not the first implementation for mobile phones, too.
Re: (Score:2)
Well, the simplest is just to...make a call. GSM has a data channel; this thing [privatewave.com] does just that, for example.
Plus sms messages might just as well exchange the IP of already established connections, right?
Re: (Score:2)
Re: (Score:2)
Why do you suppose I'm not familiar with links I provide?...I didn't say it's what software from TFA does, just that it's one easy possibility (with example).
And I pointed out another straightforward one; if they can already send encrypted sms, why not use them for automatic IP exchange when initiating a call?
Re: (Score:2)