
SMSSecure – SMS Encryption for Android - psykovsky
https://smssecure.org/
======
tveita
I didn't mind much that TextSecure removed the SMS feature, since I didn't use
it anyway, but I think the removal was badly handled. I'm glad someone is
catering to the users who used this feature, it gets more eyes on the code and
increases the pressure on the Signal team to do things right.

When TextSecure removed SMS encryption there wasn't a clear warning about it
in the what's new message, and as far as I can tell there was no deprecation
period or warning to users who had been using it. You'd be sending encrypted
messages before the update, and unencrypted messages after. For some reason
they didn't link to their blog post[1] in the what's new message. It looks to
me like they didn't want people to notice that they were removing a feature.

This lessens my trust in the creators and makes me hesitate to update the app
since I don't know if they will change or remove features I do use in the
future without warning. Hopefully they'll review their process so they don't
scare more people over to SMSSecure.

[1] [https://whispersystems.org/blog/goodbye-encrypted-
sms/](https://whispersystems.org/blog/goodbye-encrypted-sms/)

~~~
moxie
If you didn't use the feature, you might have missed it, but we talked about
its removal publicly for over a year. We also made many incremental changes
over that year in order to phase it out so that it wasn't a sudden removal. We
did all of that, despite the fact that it was used by an incredibly tiny
fraction of our total install base. The people who used encrypted SMS are very
vocal, but the users we're really targeting never even knew it existed.

I think projects like this one are great. I have no idea if the people behind
it know what they're doing or can write secure software, but we've always
wanted some place where the people who want to import their GPG key, manually
select their underlying block cipher, or support WoT style key signatures can
go. Projects like these might be a better fit for those users.

~~~
psykovsky
Can you say which users you're really targeting or point me to where you've
said it before? Keep up the good work, man!

~~~
aidenn0
I don't have a link other than their website[1], but the copy there suggests
that the goal is to make encrypted communication ubiquitous by making it easy
to use. They are targeting the people who would never get gpg set up due to
how much of a PITA it is; the people who don't know the difference between AES
and 3DES much less CBC and GCM.

1: [https://whispersystems.org/](https://whispersystems.org/)

------
dTal
"Get it on F-Droid" \- that sure is a pleasant change from TextSecure's
needless drama.

~~~
yownie
OMG. so much this++ I wonder how they're avoiding using GCM like textsecure
was

~~~
pR0Ps
We've removed the need for GCM since SMSSecure only deals with the SMS/MMS
functionality.

------
pR0Ps
I'm one of the developers of this project. If you have any questions, let me
know.

To be clear, this project isn't endorsed in any way by Open Whisper Systems.
We forked their codebase pre-v2.7.0 and are integrating upstream commits, but
that's it.

The idea isn't to compete with TextSecure, it's to provide the encrypted SMS
functionality TextSecure used to (with all it's compromises and drawbacks) for
people that push-based messaging isn't an option for.

~~~
hobarrera
The really hard part about encrypting communications is key distribution and
validation (eg: validating that the public key for number 555-1234 actually
belongs to Alice).

How did you guys attack this problem?

~~~
pR0Ps
Key distribution isn't really something we're doing. Each user just keeps
their own list of verified identities.

We're using the same system we inherited from TextSecure for encrypted SMS:
Trust keys implicitly on first use, while encouraging users to verify them out
of band.

The verification is handled by providing a screen that has your identity and
what you think the recipient's identity is. If the recipient's identity
matches what your app says and vice-versa, then you know you're talking to the
right person.

Ideally, the verification would be done in-person or via another secure means
of communication. Currently you can verify identities by just reading them
out, or via QR code.

------
sschueller
"This is a fork of TextSecure that aims to keep the SMS encryption that
TextSecure removed for a variety of reasons."

Reason for the fork: [https://whispersystems.org/blog/goodbye-encrypted-
sms/](https://whispersystems.org/blog/goodbye-encrypted-sms/)

~~~
AlyssaRowan
The underlying reasons are actually pretty sensible.

Signal (as it will be) can't deliver encryption via SMS on iOS due to platform
restrictions. Neither can tablets or computers normally send SMS messages. (To
say nothing of metadata risks, although TextSecure cannot address that without
a decoupling layer, like Tor, and in any case low-latency low-bandwidth mixnet
messaging is _very_ hard versus nation-state adversaries with traffic
correlation abilities.)

It's also clear that voice and video can't be delivered well or at all by
SMS/MMS, and that MMS in particular is a huge pain in the arse.

However, users who have limited/no data plans are up in arms. Whole bunch of
1-star reviews. Clearly quite a few vocal users (not necessarily users in
regions you might expect) liked this feature, used it, seemingly needed it. I
know that sometimes when travelling even I'm out of data service, but within
SMS service.

So it may be that a fork does make semantic sense here. Signal will eventually
deliver cross-platform best-in-class secure messaging, group messaging,
voice/video/etc - features which cannot be delivered by SMS - and SMSSecure
could deliver encrypted SMS messages for users on the Android platform (only).

~~~
psykovsky
If they intend to be a messaging app then they should stop trying to be the
default SMS application. They're just another messaging app.

~~~
AlyssaRowan
Agreed there: if Signal won't do SMS, they shouldn't be catching SMS intents,
or they might get invoked when, for example, there's no data. (Of course,
there's scope for disagreement here. SMS and particularly MMS are _horrible_ ,
but sometimes horrible is all you've got.)

~~~
sarciszewski
Maybe someone should suggest this to the team? They probably did that from the
get go, but now no longer need to.

~~~
detaro
They said on Github that they are keeping it for a while, so that users still
can receive encrypted SMS from users that haven't updated yet.

~~~
patcon
I believe the GitHub issue is about catching intents by default. In case
people were thinking support for using TS as a SMS app was going away, here's
an excerpt from the mailing list that says it's not:

>> [whispersystems] Can we remove the SMS feature completely?

>> Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?

> <insert thread of disagreements>

> Re: [whispersystems] Can we remove the SMS feature completely?

> Everyone can rest assured, we have no plans to do this. I'm pretty committed
> to an integrated messenger.

> \- moxie

(For some reason this Apr 1 message is not in the mailinglist archives. Not
sure what's up with that.)

------
ToastyMallows
As someone who doesn't follow TextSecure or anything else, how does this work?
How do my messages get encrypted, yet the people I'm texting don't need to
install anything to read them? What am I missing here.

~~~
Couto
Both parties need to have SMSSecure installed, and a secure session started —
a roundtrip of sms to exchange keys, or something (im not an expert so not
sure if those are keys, or something else).

Otherwise they will only see a garbage of letters/numbers.

~~~
huehehue
That seems like it would turn off some potential users due to the hassle of
switching apps.

I'm ignorant of the process, but is there no way to check that the user has
installed SMSSecure first and, if not, fall back to sending unencrypted data?
(perhaps that could be toggled via a fail open/closed option)

~~~
Couto
You can use SMSSecure as your default messaging app. That way you don't have
to switch apps. You can even import your SMS from the default messaging app so
that you don't loose your history. Bonus: you can then encrypt those SMS
locally, but that's optional.

You can toggle the option to send encrypted sms or not, per contact, so if
your contact doesn't support SMSSecure, you just send a regular SMS.

The ability to know who's using SMSSecure is interesting and not currently
supported (that I know of)

~~~
pR0Ps
Actually, if you receive a message from someone using SMSSecure, you'll get a
prompt asking if you want to upgrade to a secure session. But yes, there is no
way to look someone up and check if they're using SMSSecure.

The detection was actually inherited from TextSecure and works by "tagging"
shorter messages with some detectable whitespace after the message contents. A
bit of a hack, but it's a limitation of the transport.

Relevant commit:
[https://github.com/SMSSecure/SMSSecure/commit/93d94f2b7a9fd6...](https://github.com/SMSSecure/SMSSecure/commit/93d94f2b7a9fd60c5051e2e3845e40bb857cc5ef)

~~~
psykovsky
So, that detection can be used by anyone who receives one of my texts to see
if I use SMSSecure or not? Isn't that a metadata leak?

~~~
pR0Ps
Yes, anyone who analyzes the messages you send can assume that you are using
SMSSecure.

However, compared to the amount of metadata that's already being leaked over
SMS[1], adding the fact that you _could_ [2] be using a specific SMS client
that has the ability to encrypt messages doesn't seem too bad.

There was an option in a previous version of TextSecure to disable this
tagging, but it was deemed unused and axed[3]. For the same reason, I'm loathe
to add it back in, but having the option shoved under the "Advanced" menu may
not be too bad.

[1] This is something that TextSecure does much better with. SMS messages
(even encrypted) still leak metadata on who you're messaging and when.

[2] There's some element of deniability with whitespace tags (granted, not a
lot). On the other hand, if you're registered with TextSecure (which can be
checked simply by adding a user your contacts and opening the app), there's
only one reason you would be there.

[3] See
[https://github.com/WhisperSystems/TextSecure/commit/40eca5e0...](https://github.com/WhisperSystems/TextSecure/commit/40eca5e0f600f0579c8e4001da74d19b8785e820)

------
darkhorn
Last year I have started to use BABEL.

[https://play.google.com/store/apps/details?id=cz.oksystem.sm...](https://play.google.com/store/apps/details?id=cz.oksystem.sms&hl=en)

~~~
sarciszewski
I don't see a link to github anywhere in the description. Is it open source?

~~~
JupiterMoon
I don't know anything about this app and don't know if it is open source (it
doesn't look like it is).

However, did you know that not all open source stuff is on github???

~~~
sarciszewski
> However, did you know that not all open source stuff is on github???

Yes, I did. I also looked for bitbucket, gitlab, Google Code, etc. and found
nothing.

So I just opened it in JD GUI and saw this gem.

    
    
        Cipher localCipher = Cipher.getInstance("AES/ECB/NoPadding");
    

Don't use BABEL. It's written by people who don't understand security.

EDIT:

    
    
        private static final SecretKey a = new SecretKeySpec(
          new byte[] 
          {
            -91, 63, 7, 80, 88, -58, -47, -28, 55, 126, -126, 27, 67, -64, 
            97, -46, 5, 44, -14, -94, -103, 96, -57, 33, -108, -104, -122, 
            125, 49, 29, -25, -27 
          }, 
          "AES"
        );
    

Is dat a static key? :O

~~~
JupiterMoon
> Yes, I did. I also looked for bitbucket, gitlab, Google Code, etc. and found
> nothing.

No worries then.

I checked out their website - I can't see any links to source code. So in my
opinion it's just yet another closed source pretending to be secure messaging
service then...

------
classicsnoot
Is this a full replacement for TS or does it just do SMS?

~~~
psykovsky
It just does SMS.

~~~
marssaxman
perfect! that's all I wanted it to do anyway.

