
About backdoors in crypto messengers - larma
http://blogs.fsfe.org/larma/2017/signal-backdoors/
======
dbalan
Some observations, 1\. At this point it's extremely hard to use XMPP - there
are too many competing standards that implement encryption (of which a subset
has forward secrecy), and if sender server doesn't implement any the other end
does, usually falls back to plain text, one can disable it - but this is just
too much overhead for a regular user. (food for thought [1])

2\. Again, reminder from countless HN comments - there is a PR in the works to
make GCM optional[2], as soon as it's merged, this will be solved

3\. Maps seems to be the real problem here: this could be disabled after 2?
(otherwise, what's the point?)

[1] [https://whispersystems.org/blog/the-ecosystem-is-moving/](https://whispersystems.org/blog/the-ecosystem-is-moving/)
[2] [https://github.com/WhisperSystems/Signal-Android/pull/5962](https://github.com/WhisperSystems/Signal-Android/pull/5962)

edit: formatting, forward secrecy not e2e

~~~
lima
Conversations is a great XMPP client. It works very well, support inline
images, stream resumption and everything.

The OMEMO standard brings the Signal protocol to XMPP and it works great. I
use Conversations for my hacker friends who refuse to install Signal (GCM
dependency!) and surprisingly, I'm not missing a lot.

Now we only need a desktop client that supports the same features... And iOS
(but TextSecure is making progress there)

~~~
BjoernSchiessle
> Now we only need a desktop client that supports the same features... And iOS

For iOS ChatSecure was just released with OMEMO support
[https://chatsecure.org/blog/chatsecure-v4-released/](https://chatsecure.org/blog/chatsecure-v4-released/)

Regarding desktop clients, I can recommend Gajim which also has an OMEMO
plugin.

------
roddux
The backdoor referred to can be applied to any Android app that uses Google
Maps. Also mentioned is that using the built-in Google keyboard is a
vulnerability, because in theory it gives Google the ability to keylog you.

I suppose this boils down to knowing your adversaries. If you number Google
amongst that list, life is going to be really difficult - no matter who you
are.

~~~
jordskott
I guess it mostly boils down to Moxie and his ridiculous claims of how much
more secure Signal is when compared to other solutions (like XMPP and anything
based on PGP).

Don't get me wrong, I understand the design and user experience decisions of
making Signal depending on GCM but Moxie just loves to bash on XMPP and
federated protocols and putting Signal on a pedestal of exemplary security.

I admire the dedication on putting together the Axolotl protocol but I hate
when he mixes his business interests with secure crypto solutions, because by
the end of the day that is what he wants, to sell Axolotl to companies like
Google and WhatsApp. And of course, bashing on XMPP is just a business pitch
to those companies.

~~~
tptacek
It's not Moxie doing that, it's virtually the entire community of
cryptographic engineers. And Open Whisper Systems is a grant-funded nonprofit
that until recently could so barely afford developers they were considering
withdrawing their iOS version, so the idea that this is all about Moxie's
business interests is horseshit.

------
iuguy
If you're considering Google an adversary, perhaps you shouldn't use stock
Android, or any of their software.

If you're considering Google an adversary, and use a version of Android
without Google support, you can't use Signal anyway.

~~~
em3rgent0rdr
Actually, it is possible to use Signal on Android without Google using the
opensource microG and Xposed framework (setup is a bit involved...but you can
google that :P for a guide).

~~~
Sir_Cmpwn
This still relies on Google's servers to support push messages FYI.

~~~
em3rgent0rdr
"without Google _proprietary code on your phone_ "

------
Sir_Cmpwn
>tl;dr: There is a “backdoor” in Signal nobody cares about, only Google can
use it.

Speak for yourself. This backdoor is the reason why I don't use Signal.

~~~
verroq
You don't use Signal because your phone manufacturer can put a backdoor in the
OS or hardware?

Why even use a phone?

~~~
Sir_Cmpwn
I don't use Signal because of Google Play Services, which is the backdoor this
article refers to.

I'm reasonably confident that my phone's OS is uncompromised and I take the
radio problem into consideration as part of my threat model and change my
behaviors on my phone accordingly. I have also made some progress on using
OsmocomBB as a radio baseband, and on building a custom phone that treats the
radio as hostile and isolates it as much as possible.

~~~
BuuQu9hu
Which device are you using OsmocomBB on? Which custom device are you building?

Neo900 looks pretty good for baseband isolation.

The phone network and the protocols for connecting to it are pretty user
hostile no matter how open and secure the phone and baseband are though.

Don't forget the SIM card runs its own insecure OS that people have hacked
before and you just can't replace that.

~~~
Sir_Cmpwn
>Which device are you using OsmocomBB on?

A Motorola C139.

>Which custom device are you building?

A, uh, custom one.

>The phone network and the protocols for connecting to it are pretty user
hostile no matter how open and secure the phone and baseband are though.

>Don't forget the SIM card runs its own insecure OS that people have hacked
before and you just can't replace that.

Yeah, I'm keeping both of those things in mind. There won't be any assumption
that your phone calls or SMS will be secure, but rather that your mainboard OS
is secure _from_ the radio and that you don't have to worry about discussions
had near your phone and such.

------
gcb0
for the record, firefox for android also integrates the google backdoor for
the sole purpose of allowing chromecast for videos... which zero users use or
want.

~~~
angry_octet
Speak for yourself, Chromecast is very useful. Though obviously you should be
able to turn it off.

~~~
gcb0
it is useful but not in a browser.

firefox will never be better than mx or vlc for video. those apps should have
chromecast support.

------
binaryapparatus
It seems that if you really want proper secure channel you need to write one
yourself. Anything out there is subject to being compromised.

Is there open source alternative for Signal?

~~~
_0ffh
You don't have to look far. The actual Signal client source is licensed under
GPLv3.

Edit: And server code under AGPLv3.

~~~
em3rgent0rdr
well LibreSignal was shut down because Moxie didn't like them using
WhisperSystem's servers. I guess the libre community could figure out how to
set up and fund an alternative server, but since Signal's server code isn't
_federated_ , then I don't believe there would be a straightforward way to
send messages between the two systems.

[https://github.com/LibreSignal/LibreSignal/issues/37#issueco...](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165)

~~~
vurpo
Moxie and Whisper Systems are clearly against decentralization and federation,
based on that blog post they wrote. This means it's unlikely that Signal is
ever going to have any support for federation.

~~~
temprature
_> This means it's unlikely that Signal is ever going to have any support for
federation._

Signal _had_ support for federation. Their server was federated with
Cyanogen's for a while[0]. That being the disaster it was is why that blog
post happened and no one seems to be forthcoming with solutions to the
problems they had.

[0] [https://whispersystems.org/blog/cyanogen-integration/](https://whispersystems.org/blog/cyanogen-integration/)

------
arghwhat
tl;dr: this is stupid.

People seem to love analyzing security of tiny corners of systems while
ignoring the rest of the system, and entirely avoiding figuring out a scope
for the security.

The post complains about Signal using a Google service, that Google could
utilize (either now or through an update) for malicious activity. A Google
service that without a fair share of poking around is only available on
_Google_ versions of Android. I mean, _what_.

While this is a more serious problem than the usual whine about GCM (Yes,
notifications can give a lot of info, but in case of Signal, the info given is
"You received something from some Signal user while you were offline"), it is
still amazing how blind the analysis seems to the environment. If you cannot
trust Google to provide a "non-evil" Google play services, why the flying fuck
do you think the Google-provided (or manufacturer-under-tight-google-control-
provided) OS is fine? They could backdoor the process isolation and poke
around at Signal memory if they felt like it.

Now, if you are security conscious and willing to let go of the conveniences
of selling your soul to Google, you would be running a non-Google'd version of
Android without Google services. Your only valid complaint in this case, is
that Signal depends on Google services to operate, which makes you unable to
use it (without hacking Google back into your Android version, but if you do
that you might just as well stick to a Google version).

Oh, and what about the black box binary drivers you are using on your super-
secure handset? Baseband? CPU (ME anyone?)? SIM card?

Before you talk about security, figure out what you are trying to protect
against, and start from the top. You look like an idiot if you complain about
breakable windows but do not notice that the door is open.

~~~
snowpanda
Your entire comment is based around the "but there are bigger problems"
argument.

That's like saying you shouldn't fix your leaking engine, if your brakes don't
work.

~~~
tptacek
This analogy is basically perfect.

------
tcoppi
Can we please stop calling these types of vulnerabilities "backdoors"?

~~~
snowpanda
Why? It's a backdoor.

------
snowpanda
>This code is included by calling the createPackageContext-method together
with the flags CONTEXT_INCLUDE_CODE and CONTEXT_IGNORE_SECURITY. The latter is
a requirement as the android system would deny loading code from untrustworthy
sources otherwise (for a good reason). The code is then executed in the Signal
process, which includes access to the Signal history database and the crypto
keys.

\---------------------------

Glad someone points out the technical details of why many people had doubts
about signal. Unfortunately, Moxie will dismiss it, and his following will
claim "it affects other apps too" as if that makes it any better. "Other apps
do it too" is not the standard a "privacy" app should aim for.
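
The flag combination quoted in the comment above can be looked for mechanically when reviewing an app's Java source or decompiler output. The following is an added example, not part of the thread or of Signal's code: it finds `createPackageContext` calls and reports those whose flags include both `CONTEXT_INCLUDE_CODE` and `CONTEXT_IGNORE_SECURITY`, or whose flags cannot be resolved statically. The sample source, its package names and its variable names are constructed.

```python
import re

# Flag values defined on android.content.Context.
FLAGS = {"CONTEXT_INCLUDE_CODE": 1, "CONTEXT_IGNORE_SECURITY": 2, "CONTEXT_RESTRICTED": 4}
RISKY = FLAGS["CONTEXT_INCLUDE_CODE"] | FLAGS["CONTEXT_IGNORE_SECURITY"]

# Constructed Java fragment (hypothetical package names), not taken from any real app.
SAMPLE = '''\
a = ctx.createPackageContext("com.example.maps",
        Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);
b = ctx.createPackageContext(pkgName(), 3);   // literal, as a decompiler emits it
c = ctx.createPackageContext("com.example.theme", 0);
d = ctx.createPackageContext("com.example.plugin", f);
'''

def split_args(src, pos):
    """Top-level args of the call opened just before pos (literals hold no parens/commas)."""
    depth, start, args = 0, pos, []
    for i, ch in enumerate(src[pos:], pos):
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif ch == ")" or (ch == "," and depth == 0):
            args.append(src[start:i].strip())
            if ch == ")":
                return args
            start = i + 1
    return []

def flag_value(expr):
    """OR of named flags and decimal literals; None when not statically known."""
    total = 0
    for tok in (t.strip().split(".")[-1] for t in expr.split("|")):
        if tok not in FLAGS and not tok.isdecimal():
            return None
        total |= FLAGS[tok] if tok in FLAGS else int(tok)
    return total

def audit(source):  # -> [(line, package_expr, verdict), ...]
    findings = []
    for m in re.finditer(r"createPackageContext\s*\(", source):
        args = split_args(source, m.end())
        value = flag_value(args[1]) if len(args) == 2 else 0
        line = source.count("\n", 0, m.start()) + 1
        verdict = "unresolved-flags" if value is None else "loads-unverified-code"
        if value is None or (value & RISKY) == RISKY:
            findings.append((line, args[0], verdict))
    return findings
```

Calls reported as `unresolved-flags` pass a variable rather than a constant, so the flag value has to be traced by hand.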

------
dutchbrit
Blog seems to be down, and cannot find a cached version in Google :(

~~~
larma
[http://webcache.googleusercontent.com/search?q=cache:OSLZXIu...](http://webcache.googleusercontent.com/search?q=cache:OSLZXIubGtAJ:blogs.fsfe.org/larma/2017/signal-backdoors/+&cd=1&hl=de&ct=clnk&gl=de)
works for me (better use text only
version as Google tries to load css from the server apparently)

------
throw2016
It's difficult to see how a service that ties to your phone number can make any
claim about privacy halfway seriously. This is reckless.

And worse tie itself to a company whose business model is based on creepily
stalking you all over the internet and getting users psychologically
accustomed to the fact they are under surveillance. These are serious
escalations that go unnoticed because SV has become a magnet for those who
want to profit from it.

A half way serious and sincere effort will be open source, not tied in any
remote way to known surveillance companies, and based in a country that
genuinely respects privacy.

~~~
em3rgent0rdr
The claim is secure transport only. They have never made a claim that
adversaries won't be able to detect that you are sending encrypted messages.

