When I talked recently with a colleague on the security research side of things, they noted, “Funny—we’ve come full circle moving from phone numbers to social media handles now back to phone numbers. Wait a little longer and you’ll be mailing me letters.” (Quoted with their permission.)
That’s not as mordant as it sounds. WikiLeaks’ recent, seemingly accurate revelations of a CIA cache containing descriptions and analyses of an enormous number of exploited and potential vectors for insinuating into people’s hardware and data leave me once again examining what it means to have privacy—whether from those you know, criminals, or governments (with or without legal authority to snoop).
My colleague was referencing in particular the Signal app, which relies on phone numbers as initial identifiers to connect with others, at which point you engage additional out-of-band methods to affirm that the person in possession of a given device connected to that phone number is the person you expect it to be.
Signal comes in iOS and Android versions, supports messaging and calls, and has what’s seen to be the most robust and well-designed end-to-end encryption approach available. Open Whisper Systems both makes the app and releases the Signal Protocol for use in other programs.
Signal was cited in the WikiLeaks summary of its first tranche released from a larger cache, and this resulted in misreporting about its integrity and security. Signal, Facebook’s WhatsApp (which uses the Signal protocol), and other messaging apps were called out as vulnerable—but only when the device’s operating system had been compromised, allowing interception of data as it was being tapped in or after it was received.
In fact, as Signal founder Moxie Marlinspike told New York magazine, “End-to-end encryption has pushed intelligence agencies away from undetected and unfettered mass surveillance to where they have to use high-risk and targeted attacks.”
That is, the fact that well-designed messaging apps have improved to the point that messages and media sent over them can’t be easily intercepted or cracked in aggregate is why agencies have had to focus on cracking operating systems to gain access. Because these cracks are unknown, they’re extremely valuable and typically get deployed sparingly against single, high-value targets.
Once observed in the wild, or discovered separately by a security researcher, the exploit gets fixed and can no longer be used. This precise sequence happened when a United Arab Emirates human-rights activist received an SMS message that linked to a page that triggered a set of three interlocking iOS zero-day cracks, the vectors of which were captured, given to Apple, and rapidly fixed.
This lack of nuance about where the flaw lies is on top of a previous erroneous report in January about the use of the Signal protocol inside Facebook’s WhatsApp, where the Guardian newspaper originally described a piece of unlikely behavior as a backdoor. It corrected its article lightly—it removed the term backdoor—and later included more informed opinion, but it remains on its face incorrect. A large number of security researchers signed an open letter to the Guardian explaining the terminology and fundamental problems with the article.
Whose flaw is it anyway?
If I were a conspiracy theorist, I would suggest there’s a concerted effort to tell people around the world that the most secure end-to-end messaging apps are flawed, which drives people to use more familiar and less capable systems. Weaker systems include iMessage, which uses outdated cryptographic principles and has fundamental flaws in the current implementation. One of those flaws, the lack of forward secrecy, could turn intercepted encrypted iMessage traffic today into something that a future crack would render retroactively decipherable. (I’ve written many times that Apple needs to step up and adopt a more Signal-like approach.)
I’m not such a theorist, however appealing it might be to imagine. The Guardian’s thin reporting was based on a blog post from a researcher in April 2016 that didn’t spark attention then, and it was a reminder by that researcher in January that led the Guardian to misexplain the WhatsApp issue.
And despite WikiLeaks being the wellspring of conspiracy theories, its initial statement provides context—for those paying attention—that the CIA had allegedly cracked previous versions of iOS and Android, and the weakness in messaging was at the fundamental system level. End-to-end encryption doesn’t deter an attacker who can capture your keystrokes and data being sent to a display.
Apple examined the documents WikiLeaks posted and said in a statement that day “many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities.” (In one set of documents, AirPort base station firmware and AirPort Utility were analyzed, but it doesn’t appear an exploit had been developed at the time the documents were captured.)
Because WikiLeaks didn’t release source code or much information alongside the analytical documents, it’s unlikely unpatched iOS and other flaws can be deployed as zero days. And the information-dumping firm took what seems to be an unprecedented step, with its head, Julian Assange, promising to disclose these details to affected companies to provide them time to patch remaining exploits. It will then post the code publicly.
Signal and its underlying protocol aren’t the be-all and end-all in secure messaging, but they’re close to the best we have that can be used by a large number of people, including dissidents, activists, and reporters. Don’t ignore real faults, but be skeptical of the first wave of news when these stories break.