Silk Road forums
Discussion => Security => Topic started by: KeyserSoze on August 07, 2013, 10:37 am
-
How safe is it? Would you trust it?
-
How safe is it?
Would you trust it?
As safe as ZRTP allows. This is the protocol it uses to encrypt your communications. It does not work through Tor, as the connection is too slow to pass audio. This gives you encryption, but not anonymization.
I trust it more than any other proprietary product like Silent Circle. This program is completely open source and uses a well-thought-out infrastructure. I would recommend Red Phone or Ostel (Guardian Project encrypted SIP program) for encrypted audio.
-
Agreed, I would trust it more than any proprietary encrypted audio solutions. I believe it's been reviewed fairly thoroughly by the open source community and the author, moxie, is fairly well trusted too.
-
Does it go through any 3rd party server or anything like that?
That would be my main concern.
-
Does it go through any 3rd party server or anything like that?
That would be my main concern.
Yes, it uses their servers to relay calls to/from callers. Now the audio is encrypted with your key so all the server can see is PGP encrypted audio. No different than using PGP encrypted e-mail. You should assume that the servers are compromised and set up your infrastructure accordingly.
They have been talking on his Github about rolling out binaries that allow you to plug in what server you want to relay off. This would be nice as it would allow you to host your own RedPhone server and relay all your calls thus removing the 3rd party from the equation.
-
Redphone and SecureText both rock. As said above, they won't provide you with any anonymity, and it will be obvious you are using encryption. But it is as secure as lip-to-ears imo (as secure as it gets).
Everything in Redphone goes through the RedPhone server, but it is end-to-end encryption and they cannot decrypt your conversation. SecureText works on your regular SMS system, and does not use any third party servers.
-
100th post and now I can giva y'all plus ones ;)
-
Redphone negotiates keys with ZRTP to prevent MITM attacks, then it encrypts the call with SRTP end to end. The Redphone server is just a TURN-like server that relays encrypted packets, and they have relays set up all over the world except for parts of the middle east, and some areas of Eastern Europe. The TURN servers make finding out who you are talking to difficult, because all anybody can see if they monitor the Redphone relays is a sea of bounced traffic all over the place. I would still talk using codes (but not talk in code.. it's incriminating) and never use any first names. Exchange fake names to use with each other beforehand and don't leave any voicemail msgs. You'd think this would be obvious but don't use a bluetooth hands free device with Redphone.
Another problem is, what about the end devices. If there's all sorts of federal spyware running on the phone or backdoored carrier ROMs the encryption is pointless if you've been targeted by DEA or even the local cops. At bare minimum you could install CyanogenMod to wipe away the carrier backdoors, but you're still open to all sorts of other security issues too long to post here. FinSpy Mobile malware for law enforcement attacks phones using a fake update. This is simple to do when Google complies with court orders to feed you spyware through the play store silently.
There's another major problem which is your SIM card. A SIM is running its own small operating system as a self contained system on chip. It can be OTA updated silently by the carrier to install malware to redirect mic input (or even root your android ROM) then feed it to the Android system where Redphone has no idea the voice has already been intercepted, it just does its normal job encrypting and sending the packets. The only way to prevent this is get a foreign SIM card and hope they don't comply with local cops or DEA, or buy TurboSim or something similar, which is placed over top of the SIM and interrupts connections to the phone to filter traffic or prevent OTA updates, but you have to program it yourself in C or pay somebody to do it. Another solution would be to rip out the SIM and just use Wi-Fi, but now you are opening up your phone to Wi-Fi attacks. There is just no end to the security problems with leaky smartphones.
Another option is buy the Cryptophone by GSMK which is $1,000-5,000 depending which model you get. It's ridiculously priced because they have the only phone with a baseband firewall. A baseband is present on all smartphones and yet another self contained operating system that runs the GSM stack and talks directly with the carrier and handles everything like SMS and 3G/LTE. These O/S's are very old, like 1998 old and aren't running any sort of NX bit to prevent an attacker from running executable memory they've overwritten. Worse, they are running in "ARM supervisor mode" which is equivalent to running your desktop as root or administrator 24/7. This means federal spyware can now exploit the baseband to do evil things. One method they currently use is to bombard it with silent binary SMS (you will never know you've received one) and your phone will send silent acknowledgement of receipt each time. Effectively they are constantly pinging your phone to track you. German police did this 400,000+ times in 2010 https://www.eff.org/deeplinks/2012/01/privacy-roundup-mandatory-data-retention-smart-meter-hacks-and-law-enforcement
Another attack noted by Cryptophone users and developers (they are members of the Chaos Computer Club in DE) is at almost every airport around the world, their baseband firewall went off and shut down the GSM stack. Their regular firewall also reported Wi-Fi attacks. All airports are running some shady, stealth phone infiltration shit by their national spy agencies so turn your phone off when near an airport. You can guarantee DEA has fully set up the Bogota and Cali airports in Colombia with baseband, Wi-Fi, Bluetooth and FinSpy mobile attacks, and IMSI catchers to monitor all the lookouts there whose job it is to phone and warn the drug mule away if something looks wrong.
I could write another 10 pages on phone security but it's kind of pointless, don't use them. If you do, don't do any freedom jeopardizing conversations over them and assume it's constantly spying on you even if the battery is removed and act accordingly.
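The post above says ZRTP is what stops a man in the middle on a RedPhone call. The mechanism is the Short Authentication String: both ends derive a 4-character string from the key agreement and read it to each other, and an attacker who terminates both legs of the call cannot make the two strings agree. The following is an added example written for this thread, not RedPhone's code and not a byte-exact RFC 6189 implementation: it keeps the Diffie-Hellman exchange (RFC 3526 2048-bit MODP group, checked for primality at runtime), the hash commitment to the initiator's DH value, a simplified s0 derivation, and ZRTP's base32 SAS rendering, then runs one clean call and one intercepted call to show why the SAS differs.

```python
"""Simplified model of ZRTP key agreement and the Short Authentication String.

Added example for the thread; not RedPhone's code. The s0 derivation is a
simplification of RFC 6189 section 4.4 (assumption: SHA-256 over the DH
result and both public values is enough to illustrate the property).
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP). is_probable_prime() re-checks it at runtime.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
Q = (P - 1) // 2                      # safe prime, so exponents live in [1, Q)
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # ZRTP base32 alphabet (RFC 6189 5.1.6)


def is_probable_prime(n: int, rounds: int = 5) -> bool:
    """Miller-Rabin; used to sanity-check the transcribed constant above."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def keygen():
    """Fresh DH key pair per call; the private exponent never leaves the phone."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commitment(pub: int) -> bytes:
    # The initiator publishes H(pvi) before learning pvr, so an attacker cannot
    # grind DH values until the two SAS strings happen to match.
    return hashlib.sha256(pub.to_bytes(256, "big")).digest()


def derive_sas(shared: int, pvi: int, pvr: int) -> str:
    """s0 = H(DHResult || H(pvi || pvr)); sashash = HMAC(s0, "SAS"); SAS = top 20 bits."""
    total_hash = hashlib.sha256(pvi.to_bytes(256, "big") + pvr.to_bytes(256, "big")).digest()
    s0 = hashlib.sha256(shared.to_bytes(256, "big") + total_hash).digest()
    sashash = hmac.new(s0, b"SAS", hashlib.sha256).digest()
    bits = int.from_bytes(sashash[:4], "big") >> 12       # leftmost 20 bits
    return "".join(ZB32[(bits >> shift) & 31] for shift in (15, 10, 5, 0))


def direct_call():
    """Alice (initiator) <-> Bob (responder), nobody in the middle: SAS values agree."""
    a, pva = keygen()
    b, pvb = keygen()
    hvi = commitment(pva)                  # sent in Commit, before pvb is known
    if commitment(pva) != hvi:             # Bob verifies when DHPart2 arrives
        raise ValueError("commitment mismatch")
    sas_alice = derive_sas(pow(pvb, a, P), pva, pvb)
    sas_bob = derive_sas(pow(pva, b, P), pva, pvb)
    return sas_alice, sas_bob


def mitm_call():
    """Mallory terminates both legs: she hears the audio, but each leg has its own
    DH result, so Alice and Bob read different strings to each other."""
    a, pva = keygen()
    b, pvb = keygen()
    _, pvm_to_alice = keygen()             # Mallory plays responder toward Alice
    m2, pvm_to_bob = keygen()              # and initiator toward Bob
    sas_alice = derive_sas(pow(pvm_to_alice, a, P), pva, pvm_to_alice)
    sas_bob = derive_sas(pow(pvm_to_bob, b, P), pvm_to_bob, pvb)
    return sas_alice, sas_bob


if __name__ == "__main__":
    print("clean call :", direct_call())
    print("mitm call  :", mitm_call())
```

The SAS only protects you if the two people actually compare it out loud on the first call and the voices are ones they recognise; a relay operator who merely forwards packets, as the post describes the RedPhone servers doing, never sees the private exponents and cannot produce the shared key.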
-
Redphone negotiates keys with ZRTP to prevent MITM attacks, then it encrypts the call with SRTP end to end. The Redphone server is just a TURN-like server that relays encrypted packets, and they have relays set up all over the world except for parts of the middle east, and some areas of Eastern Europe. The TURN servers make finding out who you are talking to difficult, because all anybody can see if they monitor the Redphone relays is a sea of bounced traffic all over the place. I would still talk using codes (but not talk in code.. it's incriminating) and never use any first names. Exchange fake names to use with each other beforehand and don't leave any voicemail msgs. You'd think this would be obvious but don't use a bluetooth hands free device with Redphone.
Another problem is, what about the end devices. If there's all sorts of federal spyware running on the phone or backdoored carrier ROMs the encryption is pointless if you've been targeted by DEA or even the local cops. At bare minimum you could install CyanogenMod to wipe away the carrier backdoors, but you're still open to all sorts of other security issues too long to post here. FinSpy Mobile malware for law enforcement attacks phones using a fake update. This is simple to do when Google complies with court orders to feed you spyware through the play store silently.
There's another major problem which is your SIM card. A SIM is running its own small operating system as a self contained system on chip. It can be OTA updated silently by the carrier to install malware to redirect mic input (or even root your android ROM) then feed it to the Android system where Redphone has no idea the voice has already been intercepted, it just does its normal job encrypting and sending the packets. The only way to prevent this is get a foreign SIM card and hope they don't comply with local cops or DEA, or buy TurboSim or something similar, which is placed over top of the SIM and interrupts connections to the phone to filter traffic or prevent OTA updates, but you have to program it yourself in C or pay somebody to do it. Another solution would be to rip out the SIM and just use Wi-Fi, but now you are opening up your phone to Wi-Fi attacks. There is just no end to the security problems with leaky smartphones.
Another option is buy the Cryptophone by GSMK which is $1,000-5,000 depending which model you get. It's ridiculously priced because they have the only phone with a baseband firewall. A baseband is present on all smartphones and yet another self contained operating system that runs the GSM stack and talks directly with the carrier and handles everything like SMS and 3G/LTE. These O/S's are very old, like 1998 old and aren't running any sort of NX bit to prevent an attacker from running executable memory they've overwritten. Worse, they are running in "ARM supervisor mode" which is equivalent to running your desktop as root or administrator 24/7. This means federal spyware can now exploit the baseband to do evil things. One method they currently use is to bombard it with silent binary SMS (you will never know you've received one) and your phone will send silent acknowledgement of receipt each time. Effectively they are constantly pinging your phone to track you. German police did this 400,000+ times in 2010 https://www.eff.org/deeplinks/2012/01/privacy-roundup-mandatory-data-retention-smart-meter-hacks-and-law-enforcement
Another attack noted by Cryptophone users and developers (they are members of the Chaos Computer Club in DE) is at almost every airport around the world, their baseband firewall went off and shut down the GSM stack. Their regular firewall also reported Wi-Fi attacks. All airports are running some shady, stealth phone infiltration shit by their national spy agencies so turn your phone off when near an airport. You can guarantee DEA has fully set up the Bogota and Cali airports in Colombia with baseband, Wi-Fi, Bluetooth and FinSpy mobile attacks, and IMSI catchers to monitor all the lookouts there whose job it is to phone and warn the drug mule away if something looks wrong.
I could write another 10 pages on phone security but it's kind of pointless, don't use them. If you do, don't do any freedom jeopardizing conversations over them and assume it's constantly spying on you even if the battery is removed and act accordingly.
Wow great post and thanks for this wealth of information. Should you ever write your 10 pages I hope I find it and read it as this is concern for everyone regardless of what you do in life.
On that note, and please keep in mind I'm a novice regarding this tech, is there any sort of rooted OS you could use on an Android device that would circumvent some of these security holes, or is it basically an architecture / hardware issue that is basically unsolvable short of throwing your phone out the window of your car while doing 120kmh? And I can tell you this sort of shit really makes me want to do this. Welcome to 1984, only we actually carry it in our pocket, sigh...
-
For casual use, a smartphone with Cyanogenmod or another custom ROM to replace what your carrier installed when you bought the phone is fine so long as Wi-Fi is disabled when not in use. Just don't do any banking, and no illegal business conversations on it. Don't carry it around all the time if you're worried about tracking (example: delivery driver for a dial a dope operation) you need to drop it in a faraday cage or bag if you want to prevent tracking. You can buy these online or get a stainless steel martini shaker and keep it in your car :P Cops can remotely turn on the mic too (SIM card update) and record your conversations in a room, so don't leave your phone lying around while you conduct business.
iOS is definitely not any safer, nor is Blackberry. In fact they are worse being that they are proprietary blackboxes. I know for a fact US and Canada customs can plug in a Blackberry and unlock it immediately regardless of encryption or screen lock password strength. It's a built-in backdoor for law enforcement I've seen used countless times.
Here's a small list of phone insecurities for Android (lol 10 pages beginning) but these also apply to many other platforms including iOS. This doesn't even include the hardware vulnerabilities. A modern smartphone is essentially a network of a dozen little operating systems all on one device all from different manufacturers. You have Qualcomm baseband running its own O/S, a MicroSD system on chip reader running its own O/S etc. We the public only have access to the application processor/operating system (Android) unless you can order custom manufactured phones and have hundreds of thousands of dollars. You really shouldn't ever use a phone for business communications that law enforcement might be interested in even if using Redphone because there's so much attack surface. It's much better to hand your cocaine wholesaler a Liberte Linux CD or Tails and tell them to use TorChat or bitmessage with PGP. This avoids cocaine conspiracy convictions too if the wholesaler turns out to be an informant.
======begin paste========================
NATIVE CODE: Android apps can run native code via the Android NDK, and iOS apps are all native code, meaning they inherit the memory corruption issues that plague traditional desktop applications.
INSECURE IPC(inter-process communications): Android devices have special IPC mechanisms, like shared-memory Binders and Intent messaging. It's easy to use these to build features that appear to be internal to your application but are exposed to every app on the device. Both Android and iOS apps can expose themselves to network inputs. Both Android and iOS have APIs that allow programs to register URI handlers. This creates two risks: (1) that a malicious site can, through iframes or Javascript, covertly create links that will coerce the device into taking adverse actions (like sending a message or dialing a VOIP number), and (2) that malicious links could trigger vulnerabilities in the native code applications use to handle URIs. Developers often use these IPC mechanisms to send sensitive data between components.
FAIL-OPEN SSL: Mobile applications may fall back on insecure HTTP or allow self signed certificates without alerting the user, allowing any attacker on the network path (or in the same coffee shop) to inject traffic and exploit client-side vulnerabilities. All Guardian Project applications like Gibberbot are subject to this fault.
UNSAFE DATA STORAGE: Both Android and iOS make it easy to accidentally store data in nonvolatile storage without realizing it, making a stolen or LE confiscated device a security incident. Some mobile APIs also make it easy to store sensitive information in insecure preferences/settings stores instead of secure storage such as keychains. Mobile applications can also store valid application session cookies and authentication tokens long term.
BROKEN CRYPTOGRAPHY: Mobile apps are fat client apps and so often aren't bound by the limitations of the browser security model. This frees developers to experiment with crypto solutions to security problems. Developers virtually never get crypto right, and are almost always better off with the platform provided crypto libraries. Developers often implement broken cryptography when they realize the hazards of unsafe data storage.
OVER PRIVILEGE: Mobile apps can control your device. Mobile apps can take pictures with your camera. Mobile apps can read your location via GPS. Once they're allowed to do so by a user, so can attackers who compromise the application. SEAndroid limits this but you need to build it yourself.
SECRETS IN CODE: Because mobile apps are compiled code, it's easy for developers to assume that secrets stored in source code are hidden from attackers. Attackers will quickly harvest hardcoded passwords, crypto keys, and API secrets from mobile applications.
PLATFORM VULNERABILITIES: It is even harder to patch mobile devices than it is to patch desktops; mobile devices generally can't be updated without being plugged in or docked with a computer, some vendors may OTA update mobile OSs on a lagged schedule, and some problems can't be fixed without lengthy reviews. Developers need to prepare themselves to work around platform flaws, and code proactively to minimize the impact of those flaws and of course the vast majority of them don't, so new bugs are coming to light every day.
INSECURE LIBRARIES: Mobile app developers often use third party open source libraries for parsing file formats or enabling specific network communication. These libraries can be a source of vulnerability that expose your applications to attack. Your simple weather app can break your whole system by dropping in an exploitable library. If DEA scans your phone and sees you connecting to mobile back end weather server, they now know you have that library on your phone and can target it.
BINARY BLOBS: Graphics, GSM, Accelerometer and DRM .so files are all proprietary binary blobs we have no access too and have to trust they aren't exploitable.
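The SECRETS IN CODE item in the pasted list says attackers harvest hardcoded keys and API secrets from compiled apps. The quickest way to see how cheap that is is to do it yourself against a build before shipping it. Below is an added example written for this thread, not code from the list's author or from any project named here: a small `strings`-style scanner that pulls printable runs out of a binary and flags them by known credential patterns and, for opaque tokens, by Shannon entropy. The binary it scans is constructed inline; the `AKIA...EXAMPLE` value is the access key id from AWS's own documentation, and the other tokens are made up for the example. The entropy threshold is an assumption to tune per codebase.

```python
"""Hardcoded-secret scanner for compiled app binaries (strings + patterns + entropy).

Added example for the thread. The sample blob and the tokens in it are
constructed; the 4.5 bits/char threshold is an assumption, tune it per app.
"""
import math
import re
from dataclasses import dataclass

MIN_RUN = 8                      # like `strings -n 8`
ENTROPY_BITS_PER_CHAR = 4.5      # English text sits near 3.5-4.1; base64/hex keys above 4.5

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S{6,}"),
}

# Constructed stand-in for a stripped native library: ELF magic, a few normal
# strings, then the kinds of things developers leave behind, then some code bytes.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Checking for updates...\x00"
    + b"https://updates.example.net/v1\x00"
    + b"api_key=AKIAIOSFODNN7EXAMPLE\x00"          # AWS documentation example id
    + b"db_password=Tr0ub4dor&3\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\x00"
    + b"hmac_seed:q7Zp2LmX9vK4tR8nJ1yB6cW3dF0sHgEa5uVi\x00"  # constructed token
    + b"\x90\x90\xcc\xc3"
)


@dataclass
class Finding:
    kind: str
    value: str
    entropy: float


def printable_runs(blob: bytes, min_len: int = MIN_RUN):
    """Equivalent of `strings`: runs of printable ASCII at least min_len long."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(blob: bytes):
    """Return Findings for every string that matches a known pattern, plus any
    opaque token (base64/hex-looking, 20+ chars) whose entropy is key-like."""
    findings = []
    for run in printable_runs(blob):
        matched = False
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(run):
                findings.append(Finding(kind, m.group(), round(shannon_entropy(m.group()), 2)))
                matched = True
        if matched:
            continue
        for tok in re.findall(r"[A-Za-z0-9+/=_-]{20,}", run):
            e = shannon_entropy(tok)
            if e >= ENTROPY_BITS_PER_CHAR:
                findings.append(Finding("high_entropy", tok, round(e, 2)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_BINARY):
        print(f"{f.kind:22} entropy={f.entropy:4.2f}  {f.value}")
```

Run the same scan over the unpacked `lib/*/*.so` and `classes.dex` of an APK (after `unzip`) and you get roughly what an attacker's first pass looks like. Anything it finds belongs in the Android keystore or on a server behind an authenticated call, not in the binary.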
-
It is actually fairly easy to prevent some modern devices from receiving OTR SIM Software. If you are serious about Android, you should know how to disable OTR SIM updates on most Samsung phones.
Also, the suggestion that cops can do this is a stretch. Your typical cop won't have access to technology anywhere near this advanced. You'll need a 3 letter agency against you before your cell will be remotely monitored.
Flatly, telling people to use a computer to communicate because they can't secure their phone is horrible advice. If you can't secure your phone, you sure as hell are not qualified to secure your computer.
And all these components do not run their own OS... the modem will have baseband firmware, yes, but this is not an operating system.
As for your pasted list of vulnerabilities - these are all endlessly more relevant on a Windows machine.
-
It is actually fairly easy to prevent some modern devices from receiving OTR SIM Software. If you are serious about Android, you should know how to disable OTR SIM updates on most Samsung phones.
You're confusing the Application processor (Android Operating System) with the separate SIM card System on Chip (SoC) operating system. http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams this article does a good job of explaining what a modern SIM is, which has an O/S, Ram, EEPROM and applications running on it. The carriers have full control over everything on it. If you dump the memory of one, you'll find a program designed to acknowledge Type 0 silent SMS which is part of the E911 mandatory tracking they put into phones years back. http://www.ivizsecurity.com/blog/security-awareness/silent-sms-how-i-know-where-you-were-yesterday-night/
The only way to prevent this, is use a foreign SIM, and hope they don't cooperate with your law enforcement, or something like this http://en.wikipedia.org/wiki/Turbo_SIM and then coding yourself a block of all Type 0 SMS acknowledgements or carrier OTA updates so they aren't passed to the real SIM. TurboSim is also a microcontroller running its own operating system and you can code regular C applications on it or pay somebody to do it you trust is competent.
Android also has nothing to do with the baseband processor, which is typically manufactured by Qualcomm and is running a RTOS (Real Time Operating System) microkernel embedded that is running proprietary applications by Qualcomm (AMSS), typically 70-100 daemons/tasks which make up the GSM stack. Nobody has access to it unless you reverse engineer, dump the memory, and then inject code to re-write the memory with a debugging program (gdb) which you can then execute because there is absolutely zero security in baseband operating systems.
Also, the suggestion that cops can do this is a stretch. Your typical cop won't have access to technology anywhere near this advanced. You'll need a 3 letter agency against you before your cell will be remotely monitored.
They buy the software http://en.wikipedia.org/wiki/FinFisher and Gamma aren't the only game in town. Every single three letter agent that retired in last 3 years went and opened a private intel business because it's worth its weight in gold. They contract exploits from VUPEN http://www.vupen.com/english/services/lea-index.php or other middleman brokers on the open market. They bundle this in an easy to use software deployment method and then train the cops how to push a button and own the victims phone. Watch the leaked promo videos
http://youtu.be/n5ZJUXweayo not to mention the IMSI catchers the FBI are running, and now most likely in house development because it's paying off huge dividends for them. Everybody is getting busted by their phone now and the tracking evidence used in court.
In some cases, the update channel for the phones will cooperate with LE, and feed the user the Finspy software silently without them having to agree to anything. Play store, or the local carrier can be convinced to include the spyware in its next OTA update. Failing that, have the carrier install the spyware silently on the SIM card. They have full remote access to it. http://www.schneier.com/blog/archives/2013/04/fbi_and_cell_ph.html in these court cases, the FBI got the carrier to reprogram the 3G internet mobile stick or "aircard" of a suspect to enable location software to find him. He was just a fraudster running some petty scam. Do not underestimate the cops anymore, even a tiny hicktown in North Dakota has a cop with access to post 9-11 advanced spyware or can pick up the phone and work with DEA to take out petty weed dealers. It's not much effort, just push a button and phone is backdoored.
Flatly, telling people to use a computer to communicate because they can't secure their phone is horrible advice. If you can't secure your phone, you sure as hell are not qualified to secure your computer.
Nobody can secure a phone. Not even Cryptophone GSMK in Germany who even advocate you should always talk using code regardless of encryption of voIP. The NSA released a recommended architecture early this year on how to build your own secure Android based infrastructure. It's not cheap, and it requires centralization, something no drug dealer can do because feds will just arrest whoever runs the infrastructure and coerce them into cooperation. The phones themselves are basically reduced to dummy devices that don't allow any SMS or updates without re-provisioning.
So yeah, it'd be much safer to hand Pablo Escobar your copy of Liberte Linux and tell him to use Torchat, or even PGP email with it instead of talking on a phone.
As for your pasted list of vulnerabilities - these are all endlessly more relevant on a Windows machine.
Except I never recommended Windows, I recommended a Live CD like Tails/Liberte. Also Windows at least has basic protection of NX bit. Windows also isn't running in administrator 24/7 anymore, baseband operating systems are.
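Both the long post earlier in the thread (silent binary SMS used to ping a handset) and the reply above (the SIM's applet that acknowledges Type 0 messages) describe the same thing: a Short Message Type 0, which 3GPP TS 23.040 defines by TP-Protocol-Identifier 0x40 and which the phone must acknowledge to the network but never store or show. If you have raw SMS-DELIVER PDUs from a modem log, an AT-command trace, or a baseband capture, the indicator is one byte. The code below is an added example for this thread, not code from either poster: a minimal SMS-DELIVER PDU builder and parser that flags Type 0 messages. The `How are you?` PDU is a widely circulated reference example; the silent PDU is built by the example's own encoder, and the GSM 7-bit decoder is simplified to the code points that coincide with ASCII (an assumption stated in the code).

```python
"""SMS-DELIVER PDU builder/parser that flags Type 0 ("silent") messages.

Added example for the thread. TP-PID 0x40 = Short Message Type 0 (3GPP TS
23.040 9.2.3.9). Simplifications (assumptions): 7-bit alphabet only mapped
where it equals ASCII, no user-data header handling, time zone not decoded.
"""
from dataclasses import dataclass

SILENT_SMS_PID = 0x40
REFERENCE_PDU = "07911326040000F0040B911346610089F60000208062917314080CC8F71D14969741F977FD07"
REFERENCE_SCTS = "20806291731408"     # 2002-08-26 19:37:41, reused by build_deliver()


def _swap(hexdigits: str) -> str:
    """Semi-octets are stored low nibble first: '13 26' -> '31 62'."""
    return "".join(hexdigits[i + 1] + hexdigits[i] for i in range(0, len(hexdigits), 2))


def _from_bcd(hexdigits: str, international: bool) -> str:
    digits = _swap(hexdigits).rstrip("F")
    return ("+" if international else "") + digits


def _to_bcd(number: str) -> str:
    digits = number.lstrip("+")
    if len(digits) % 2:
        digits += "F"
    return _swap(digits)


def _pack_gsm7(text: str) -> bytes:
    acc = nbits = 0
    out = bytearray()
    for ch in text:
        acc |= (ord(ch) & 0x7F) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)
    return bytes(out)


def _unpack_gsm7(data: bytes, septets: int) -> str:
    acc = nbits = 0
    chars = []
    for b in data:
        acc |= b << nbits
        nbits += 8
        while nbits >= 7 and len(chars) < septets:
            c = acc & 0x7F
            chars.append(chr(c) if 0x20 <= c < 0x7F else "?")   # ASCII-coincident subset only
            acc >>= 7
            nbits -= 7
    return "".join(chars)


@dataclass
class Deliver:
    smsc: str
    sender: str
    pid: int
    dcs: int
    timestamp: str
    text: str

    @property
    def silent(self) -> bool:
        return self.pid == SILENT_SMS_PID


def build_deliver(sender: str, pid: int, text: str = "", smsc: str = "+31624000000") -> str:
    """Encode a 7-bit SMS-DELIVER PDU; pid=0x40 and empty text gives a Type 0 ping."""
    smsc_bcd = _to_bcd(smsc)
    smsc_part = f"{1 + len(smsc_bcd) // 2:02X}91{smsc_bcd}"
    oa_part = f"{len(sender.lstrip('+')):02X}91{_to_bcd(sender)}"
    ud = _pack_gsm7(text).hex().upper()
    return smsc_part + "04" + oa_part + f"{pid:02X}00" + REFERENCE_SCTS + f"{len(text):02X}" + ud


def parse_deliver(pdu_hex: str) -> Deliver:
    h = pdu_hex.strip().upper()
    pos = 0

    def take(n_octets: int) -> str:
        nonlocal pos
        chunk = h[pos:pos + 2 * n_octets]
        if len(chunk) != 2 * n_octets:
            raise ValueError("truncated PDU")
        pos += 2 * n_octets
        return chunk

    smsc_len = int(take(1), 16)
    smsc = ""
    if smsc_len:
        field = take(smsc_len)
        smsc = _from_bcd(field[2:], (int(field[:2], 16) & 0x70) == 0x10)
    first_octet = int(take(1), 16)
    if first_octet & 0x03 != 0x00:
        raise ValueError("TP-MTI is not SMS-DELIVER")
    oa_digits = int(take(1), 16)
    oa_toa = int(take(1), 16)
    sender = _from_bcd(take((oa_digits + 1) // 2), (oa_toa & 0x70) == 0x10)
    pid = int(take(1), 16)
    dcs = int(take(1), 16)
    s = _swap(take(7))
    timestamp = f"20{s[0:2]}-{s[2:4]}-{s[4:6]} {s[6:8]}:{s[8:10]}:{s[10:12]}"
    udl = int(take(1), 16)
    ud = bytes.fromhex(h[pos:])
    text = _unpack_gsm7(ud, udl) if dcs & 0x0C == 0 else ud.hex()
    return Deliver(smsc, sender, pid, dcs, timestamp, text)


SILENT_PDU = build_deliver("+31641600986", SILENT_SMS_PID)   # constructed Type 0 ping


def silent_senders(pdus):
    """Triage helper: originating addresses of every Type 0 message in a batch."""
    return [m.sender for m in map(parse_deliver, pdus) if m.silent]
```

A Type 0 message carries no user data worth reading, so the signal is the PID byte and the sender/timestamp cadence: a burst of them from the same address at regular intervals is the pinging the thread describes, and it is invisible in the phone's messaging UI by design.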
-
You're confusing the Application processor (Android Operating System) with the separate SIM card System on Chip (SoC) operating system. http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams this article does a good job of explaining what a modern SIM is, which has an O/S, Ram, EEPROM and applications running on it. The carriers have full control over everything on it. If you dump the memory of one, you'll find a program designed to acknowledge Type 0 silent SMS which is part of the E911 mandatory tracking they put into phones years back. http://www.ivizsecurity.com/blog/security-awareness/silent-sms-how-i-know-where-you-were-yesterday-night/
No, I am not confused. I assure you I know exactly what I am talking about. You can absolutely prevent dangerous SIM updates in firmware.
Android also has nothing to do with the baseband processor, which is typically manufactured by Qualcomm and is running a RTOS (Real Time Operating System) microkernel embedded that is running proprietary applications by Qualcomm (AMSS), typically 70-100 daemons/tasks which make up the GSM stack. Nobody has access to it unless you reverse engineer, dump the memory, and then inject code to re-write the memory with a debugging program (gdb) which you can then execute because there is absolutely zero security in baseband operating systems.
I never said Android generically, I said Samsung phones And I meant Samsung phones with both Qualcomm and Exynos chips. There is absolutely a method of preventing the attack you mention.
In some cases, the update channel for the phones will cooperate with LE, and feed the user the Finspy software silently without them having to agree to anything. Play store, or the local carrier can be convinced to include the spyware in its next OTA update. Failing that, have the carrier install the spyware silently on the SIM card.
Google services/Play store and OTR updates should never be installed on a secure android system. And again, the "silent spyware by OTR SIM card OS update" can be blocked - easily.
As for your pasted list of vulnerabilities - these are all endlessly more relevant on a Windows machine.
Except I never recommended Windows, I recommended a Live CD like Tails/Liberte. Also Windows at least has protection of NX bit and against writing memory arbitrarily and executing it. Windows also isn't running in administrator 24/7 anymore, baseband operating systems are.
Fine. They are endlessly more relevant for Linux and MacOS installs as well. Stacking them against 'mobile developers' is retarded when they affect all hardware/software systems quite equally. And having the execution bit flipped provides very little security as seen by past exploits - it is merely another boundary that needs to be exploited.
Edit: Post #200... Coo...
-
No, I am not confused. I assure you I know exactly what I am talking about. You can absolutely prevent dangerous SIM updates in firmware.
And you give no evidence, sure I believe you. I accessed the baseband RTOS, altered the secondary bootloader to prevent loading GSM standards for binary SMS by killing tasks associated with any type-0 SMS and even zeroing out the binaries but realized this is pointless because the entire thing is running in supervisor mode. Any changes can easily be undone remotely by the carrier BTS regardless if there's a SIM in the phone or not. This is why Cryptophone has a baseband firewall. It's a waste of time to alter the firmware.
So that leaves you with either dropping in a physical firewall chip like Cryptophone does or the SIM card itself. The standard unlocking SIM methods don't remove the applications already stored on the carrier SIM which in my country is encrypted with AES, they don't prevent acknowledgement of SMS being received either which is used for tracking. If you can find a foreign SIM you can clone the information to a new SIM with no carrier spyware applications on it, but the ones here aren't using DES.
Fine. They are endlessly more relevant for Linux and MacOS installs as well. Stacking them against 'mobile developers' is retarded when they affect all hardware/software systems quite equally. And having the execution bit flipped provides very little security as seen by past exploits - it is merely another boundary that needs to be exploited.
Linux, Windows and other desktop systems don't have an insecure IPC. You can't expose accidentally entire pages of memory and/or magically have API access to other programs unless you specifically write an exploit to do it which is not at all as easy as it sounds, especially on a hardened gentoo build which is what Liberte is. Put com.android.phone in an emulator and run an intent fuzzer on it see for yourself. Try the same thing on any desktop operating system, nothing happens except possibly slight performance issues.
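The INSECURE IPC item in the pasted list and the closing remark about running an intent fuzzer against com.android.phone both come down to one manifest rule: a component is reachable from every other app when `android:exported="true"`, or when the attribute is absent and the component declares an `<intent-filter>`, and it accepts Intents from anyone unless it also names an `android:permission`. Before fuzzing, it is worth listing which components that rule exposes. The following is an added example written for this thread, not code from any poster or project here: it applies that rule to a manifest constructed for the example (package `com.example.secretdialer` and every component in it are made up) and prints the `am` commands you would use from `adb shell` to poke each exposed component. The launcher activity is skipped because the home screen has to be able to start it; note that a `<provider>` with no `exported` attribute and no filter defaults to exported on targetSdk below 17, which this simplified rule does not model.

```python
"""List Android components any app on the device can send an Intent to.

Added example for the thread. Rule: exported="true", or exported absent with an
<intent-filter>, and no android:permission. Assumptions: launcher activities are
skipped as expected; the pre-API-17 provider default is not modelled.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest for the example; nothing here is a real app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secretdialer">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DialActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="secretdial"/>
      </intent-filter>
    </activity>
    <service android:name=".CallService" android:exported="true"/>
    <service android:name=".KeyStoreService" android:exported="true"
             android:permission="com.example.secretdialer.USE_KEYS"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".ContactsProvider"
              android:authorities="com.example.secretdialer.contacts"
              android:exported="false"/>
  </application>
</manifest>
"""


def _attr(el, name):
    return el.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(el) -> bool:
    exported = _attr(el, "exported")
    if exported is not None:
        return exported.lower() == "true"
    return el.find("intent-filter") is not None


def is_launcher(el) -> bool:
    return any(_attr(c, "name") == "android.intent.category.LAUNCHER"
               for c in el.iter("category"))


def exposed_components(manifest_xml: str):
    """Return (tag, name, reason) for every component reachable by any app."""
    root = ET.fromstring(manifest_xml)
    out = []
    for el in root.find("application"):
        if el.tag not in COMPONENT_TAGS or not is_exported(el):
            continue
        if _attr(el, "permission") or (el.tag == "activity" and is_launcher(el)):
            continue
        reason = 'exported="true"' if _attr(el, "exported") else "implicit via <intent-filter>"
        out.append((el.tag, _attr(el, "name"), reason))
    return out


def am_commands(manifest_xml: str):
    """adb-shell `am` invocations that deliver an Intent to each exposed component."""
    pkg = ET.fromstring(manifest_xml).get("package")
    verb = {"activity": "start", "service": "startservice", "receiver": "broadcast"}
    cmds = []
    for tag, name, _ in exposed_components(manifest_xml):
        if tag in verb:
            cmds.append(f"am {verb[tag]} -n {pkg}/{name}")
        else:
            cmds.append(f"content query --uri content://{pkg}.contacts")  # providers use `content`
    return cmds


if __name__ == "__main__":
    for tag, name, reason in exposed_components(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:20} {reason}")
    print("\n".join(am_commands(SAMPLE_MANIFEST)))
```

Each command on that list is the seed for a fuzz case: vary the `--es`/`--ei` extras and `-d` data URI on the exported activity and receiver, and a crash or a privileged side effect (a dialled number, a sent message) is the kind of bug the list warns about. Decode a real manifest first with `apktool d` or `aapt dump xmltree`; the binary XML inside an APK will not parse as written.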