2014 Apple iMessages security update

Leave a reply

A few days ago I made the following tweet:

I’d like to apologize for the wording of that, as it could have been written in a more accurate way.

To help clear up any confusion, I spent the past day or so diving into the nitty-gritty details of Apple’s iOS Security Guide from October 2014. Big thanks to Nate Cardozo of EFF for linking me to it.

The tweet I should have made instead is:

While Apple’s iMessages are designed to be “end-to-end encrypted”, Apple can still read them (if they wanted to).

That is not news. On October 17th, 2013, Quarkslab published iMessage Privacy, where they stated (correctly) that:

Apple can read your iMessages if they choose to, or if they are required to do so by a government order.

This is because Apple owns and operates the infrastructure that distributes the public keys between phones. At any point in time they are capable of giving out a public key of their invention (not belonging to the intended recipient), and decrypting/re-encrypting your messages as you send them to your friends and family.

A separate and more concerning issue was pointed out by Ars Technica a few months prior: if you enable iCloud backups, Apple will encrypt your data with keys that they generate themselves instead of using a key that’s based on your password (which they do not know). This is why Ashkan Soltani was able to restore his iMessages onto a completely different iPhone after resetting his iCloud password and answering Apple’s iForgot security questions.

Update July 27, 2015: A third issue, perhaps the most severe, is  Apple’s use of weak encryption, only 1280-bits!

Has anything changed since then?

After reviewing Apple’s 2014 October iOS Security Guide, unless I am misreading something, the answer appears to be: Nope.

Below are some choice screenshots from my annotated copy.

iMessages security (in transit)

Here Apple describes how their IDS and APN services act as MITM between users for the purpose of public key exchange and message delivery. As long as these services are honest, the communication actually is end-to-end encrypted. There’s nothing in the protocol forcing Apple to be honest, however.

iMessages security (when backed up to iCloud)

On the matter of iCloud backups, we have the following (for the infosec crowd; skip below if you find it overwhelming):

Screen Shot 2014-11-08 at 9.41.52 PM

Screen Shot 2014-11-08 at 9.42.43 PM

This gobbledygook says that for iCloud backups data like iMessages gets encrypted with Apple’s keys (not yours), while keychain entries (wifi passwords, credit cards, iMessage private keys [not messages], etc.) are stored in a way that (allegedly) Apple cannot read because it’s tied to a password (a “UID”) that Apple creates for each phone upon manufacture (but claims to not know). The iMessage keys are used for the so-called “end-to-end” encryption when sending data between phones. They are not used to encrypt the messages stored on the phone, nor the messages stored in iCloud.

Conclusion & Recommendations

It should be emphasized that Apple has gone to noble lengths to protect your data.

The technical shortcomings described above do not imply any sort of intentional failure or sneakiness on Apple’s part. IMHO, Apple has done fairly well (within the confines of a centralized system) when it comes to balancing communications security with easy of use. The award for “the best” job still goes to the Signal/TextSecure team. Apple’s iCloud backups, however, should be encrypted with the user’s keys, not Apple’s (at the very least this should be an option). Nate points out that Apple provides a way for users to delete old iCloud backups.

To address the rest of the shortcomings, we suggest that Apple (and other companies) explore decentralized key distribution mechanisms (like okTurtles’ DNSChain). Such mechanisms don’t require fingerprint verification between users and therefore would preserve the fantastic user experience that Apple is known for, while simultaneously protecting both Apple’s users and Apple itself from forms of coercion (like National Security Letters) that destroy Apple’s “end-to-end” encryption.

Apple should also be commended for the steps they’ve taken to be more transparent about the security of their systems. I enjoyed reading their iOS Security Guide and felt they did a fantastic job with it. Props to the team that made that happen! 🙂

A final remark: if Apple is to receive any criticism, it shouldn’t be for any technical shortcomings, but instead for the following misleading marketing claim on their website:

 

My thanks to Nate Cardozo, Simon de la Rouviere, Filipe Beato, and Bob for reviewing this post.

Espionage 3.6.1 Released! Yosemite Compatible.

Leave a reply

Espionage is Yosemite ready. 🙂

  • New!
    • Added crash reporting mechanism (QuincyKit).
  • Improvements!
    • Large folders should unlock faster now (size check is now done asynchronously)
  • Bug fixes!
    • OS X 10.10 Yosemite compatibility.
    • Fixed problem causing NSLockError messages in console.
    • Use built-in notifications by default (they display more text than OS X’s or Growl’s).
    • Espionage’s “Window Mode” window would appear would it shouldn’t.
    • Quit button shouldn’t show on the very first TESetupAssisant.
    • No longer show “Buy Now” in license preferences when registered.

The signature for Espionage.dmg is here and also here. The SHA256 of the main binary is also noted below.

Enjoy! 😀

$ openssl dgst -sha256 Espionage.app/Contents/MacOS/Espionage
SHA256(Espionage.app/Contents/MacOS/Espionage)= 64ccef4205db3d32f38f656b1a02bd6a0f6905680e2a3434680c4ea982954eaa

Major Advancements in Deniable Encryption Arrive in Espionage 3.6

4 Replies

Four months ago, we previewed Major improvements to plausible deniability in Espionage 3.6. Today we’re delivering those improvements, and many more!

Overview of Significant Features

1. Plausible Deniability

Espionage 3.6 enhances the deniable encryption of previous versions by creating a random number of convincing fake encrypted disk images and a random number of fake Folder Sets (a Folder Set is a group of encrypted folders protected by a master password. You can have as many of these as you want, each having a unique password).

Fake disk images and fake Folder Sets have the potential to make it virtually impossible to tell whether a user has shown you all of their encrypted data. The fake data looks just like the real data, and we’ve even taken pains to ensure that all of the files inside of the fake disk images have random (and convincing) timestamps on them.

Update October 7, 2014: However, as of this release, the timestamps on the fake disk images are not sufficient to fool all infosec professionals. We are researching methods that will fool infosec researchers while still being respectful of our user’s backup systems (like Apple’s Time Machine, SpiderOak, etc.). Users might end up having to choose between super-convincing deniability and having to backup fake data periodically. We thank Steve Weis, Collin Anderson, and the [LiberationTech] community for pointing out that we should have made this clear here, and apologize for not having done so originally.

After updating to 3.6, existing users are encouraged to verify that all their folders unlock without problems, and then delete the old database backups in this folder:

~/Library/Application Support/com.taoeffect.Espionage3/Backups/

Copy and paste that path into the dialog that appears when you choose Go to Folder… from the Finder’s Go menu:

Go to Folder...
We recommend deleting these old database backups because they can give away which copies of your database are filled with fake folder sets and which aren’t (because of the file size difference). The super-paranoid might also want to clear out their system’s log files after the update.

Why do we care about such features? Because encrypting data isn’t enough to protect you from all threats, as this XKCD so elegantly illustrates:

2. Partial support for TEN new languages (to-be-finished soon!)

Remember our Pootle blog post and call for translators? Well, their hard work is being previewed in this release with the addition of ten new languages (in addition to English, Spanish, and Brazilian Portuguese):

  • Arabic
  • Chinese (Simplified)
  • Czech
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Russian
  • Tagalog

We expect to release another update with completed translations for the languages above in the next update (or soon after it).

And much much more!

This release involved almost the same the level of effort as a major release, but we’re releasing it as a free update for all Espionage 3 users.

Explore the complete list of changes:

  • New Features!
    • Fake folder sets and fake disk images to mask how many you really have.
    • Holding Shift when unlocking folder opens it (plus preference to make default behavior)
    • Set the default image disk location via Preferences.
    • Double-click license to register Espionage (although we don’t want to encourage double-clicking email attachments, too many weren’t reading the instructions).
  • Security Enhancements!
  • Updated Localizations!
    • Updated:
      • Spanish, Brazillian Portuguese
    • Partial (to-be-finished) support for:
      • Arabic, Chinese (Simplified), Czech, French, German, Italian, Japanese, Korean, Russian, Tagalog
    • Want your language here? Get in touch!
  • Improvements!
    • Multiple monitor support.
    • No longer brings up the scary OS X prompt for Contacts access during install (users must now manually type email to subscribe to newsletter).
    • Updated Sparkle to 1.7.1.
    • Close Espionage window when Escape key is pressed.
    • Quit if database newer than what Espionage expects.
    • Encrypted folders on Desktop stay visible when unlocked.
    • Better architecture for handling of disk images on external drives.
    • All XIBs upgraded to Xcode 5.
    • Sparkle updates from updates.taoeffect.com to avoid scaring Little Snitch users.
  • Bug fixes!
    • Crash in OS X 10.7 resizing the disk image.
    • Fixed potential crashes in certain error-handling situations.
    • Multiple Screen in OS X 10.9
    • Autounlock now properly updated for folders that were forcibly removed from the database (via the contextual menu).
    • Disk image’s password is now saved in the same folder as the disk image when restoration fails (instead of always on the Desktop).
    • When using Window mode, open Espionage window when Dock icon is clicked
    • In folder list, filter by folder name instead of folder path
    • Removed misplaced warning when sparsebundle is imported from Desktop
    • Fixed email validator in newsletter setup assistant.
    • Better error handling and error messages during encryption and decryption.
    • Autounlock dialog staying open too long.
    • Removed deprecated API use (and therefore the Console messages).
    • Misceallaneous fixes and improvements. Over 100 tickets closed in this release!

And as promised, we’ll be signing all our releases. The signature for Espionage.dmg is here and also here. Also,  starting in 3.6, Sparkle will verify updates using a pinned 4096-bit DSA key. The SHA256 of the main binary is also noted below.

Enjoy! 😀

% openssl dgst -sha256 Espionage.app/Contents/MacOS/Espionage
SHA256(Espionage.app/Contents/MacOS/Espionage)= 2d1c3ffdf129060f00729893b20db26b34bcc56d8197889720cbe191b4d38081

Giving away commercial iSpy licenses

Leave a reply

iSpy is the low-level tech that powered Espionage versions 1 and 2. It is unique, there are no competing technologies that can do what it does (to my knowledge): monitor and intercept file-system events based on arbitrary filters. It’s how Espionage 2 could display a password-prompt when a user double-clicked on a folder and “pause” the Finder while it tried to open the folder.

Today we’re announcing that we’re giving commercial licenses to iSpy to anyone who wants one in exchange for 20% of the revenue generated from any sale of such software.

If you’re interested, contact us: contact@taoeffect.com (or id/greg on Namecoin)

Pootle Tutorial: Guide for translators and developers

Leave a reply

We’re working on localizing Espionage into many languages, so we installed Pootle, an excellent free and open source web-based localization platform that developers and translators can use for that purpose.

To help our translators, I’ve put together what I hope if an easy-to-follow guide on how to use Pootle (partly because Pootle’s documentation on actually using Pootle is virtually non-existent at the moment).

In the event that it’s helpful to others, I’ve decided to share it publicly:

Pootle Tutorial

Hiring translators for these languages:

  • Korean
  • Persian
  • Arabic
  • Hindi
  • <Your Favorite Language Here!>

Already Have:

  • English (duh :P)
  • Spanish
  • Brazilian Portuguese
  • German
  • French
  • Russian
  • Mandarin
  • Japanese
  • Italian
  • Polish

If you’d like to help us translate Espionage into *your* favorite language, send us an email (replace the stuff in brackets as appropriate):

support [at] taoeffect [.] com

Enjoy! 🙂

Major improvements to plausible deniability in Espionage 3.6

1 Reply

UPDATE July 19, 2014: Espionage 3.6 is out! Go get it! 🙂

Plausible deniability (in cryptography) refers to methods of protecting users (and their encrypted data) from so-called gun-to-the-head scenarios”:

Any situation that involves some type of coercion stands to benefit from plausible deniability. Although unlikely, some users may find themselves threatened into giving up their encryption keys through physical force, or by the threat of loss of freedom (examples here, here, and here).

It is quite unfortunate, therefore, that it’s possible to count on one hand the number of data security applications that attempt to do anything to address this issue.

Data security does not stop at encryption

We believe that “security” which protects users in some circumstances (but not others), from some adversaries (but not all), is inferior to security that has no exceptions.

When we designed Espionage 3, we decided to focus on plausible deniability as a core feature. It was never an afterthought. We discovered, that In order to do plausible deniability correctly we had to build the entire app around the concept.

When we released Espionage 3 in 2012, it was (to our knowledge) the first data security app to sport not one but two types of plausible deniability:

  1. Unlimited isolated master passwords, each protecting a unique Folder Set.
  2. Multi-faced folders that can show different data depending on whether or not they are locked, and which master password was used to unlock them. This resulted in some fascinating possibilities (like having different versions of your email).

Plausible deniability is Hard

An operating system like OS X has thousands of moving parts, many of which are out of the control of users and third-party developers (like us). This makes hiding the existence of encrypted data a significant challenge.

For example, try observing your system’s primary log file by opening the Console application (located in /Applications/Utilities/Console.app ) while you lock and unlock your encrypted folders. Depending on your version of OS X, you’ll see different types of information about your encrypted folders logged (like the path to the folder).

It is close to impossible to prevent this type of information leakage because it is created by applications and system components that are out of Espionage’s control (and shouldn’t be under its control). It is possible, however, to mitigate it by various means:

  • Periodically scrubbing your log files using utilities like OnyX.
  • By creating Folder Sets with different data using the same mountpoint
  • Etc.

One piece of data leakage, however, cannot be mitigated by users, and that is the number of user-created Folder Sets in Espionage’s database. This, however, is something we can fix (and do fix) in Espionage 3.6. We’d like to thank user tzugo for bringing this issue to our attention.

Fake Folder Sets are coming in Espionage 3.6

By having Espionage create a random number of fake Folder Sets, and then creating a user-specified-but-quickly-forgotten number of encrypted sparsebundles (each with a random number of files containing random data), we are able to restore the plausible deniability impacted by this information leakage.

Now, it still remains possible to check how many Folder Sets exist in Espionage’s database, but that information does not reveal the actual number of user-created Folder Sets! They might have one, five—even zero “real” Folder Sets! 🙂

The number of encrypted disk images on a user’s computer, also, does not give away the number of real encrypted disk images that the user has. It is even possible that none of the encrypted disk images contain any meaningful or user-created data (those might be on an external drive, for example).

When users update to Espionage 3.6 (or install anew), they will be taken through a setup assistant that creates all of these faux Folder Sets and disk images. Here’s a sneak peak at what it looks like:

PDAssistant

Important notes and considerations

Because Espionage 3.6 is a significant update that makes many changes to Espionage’s database, Espionage will backup the database prior to running the setup assistant and add a “-v2migration” suffix to it. It will be placed in the standard database backups folder, located here:

/Users/[your username]/Library/Application Support/com.taoeffect.Espionage3/Backups

Note that these old backup databases can be used to compromise your plausible deniability (because they show an accurate count of the Folder Sets you created).

Once the assistant finishes successfully, and you’ve verified that you can unlock all your Folder Sets and encrypted folders, you may then delete all of the old backups in that folder to restore your plausible deniability.

Also: starting with version 3.6, we will be signing all Espionage releases with our public key. Espionage 3.6 will also include a pinned 4096-bit public DSA signing key for Sparkle updates (instead of relying solely on HTTPS for securing updates).

Remember: plausible deniability is ultimately *YOUR* responsibility!

Espionage can only do so much for you. It is ultimately *your* responsibility to create convincing enough Folder Set(s) to protect you from gun-to-the-head-scenarios.

Most users won’t need to worry about this at all. For some, however, failure to take due diligence in this regard can result in undesirable consequences. If you think this applies to you, please make sure to do your homework!

Espionage 3.6 is currently getting its finishing touches and final testing. As per usual, it will be released “when it’s ready.” 🙂

Espionage 3.5.3 Released!

Leave a reply

Version 3.5.3 addresses an important data leak introduced in 3.5.2, improves Mavericks compatibility, and adds other important bug fixes, please update right away!

If you’d like to localize Espionage into your language, please contact us.

  • SECURITY: Bug introduced in 3.5.2 that resulted in all folder paths of an unlocked Folder Set being logged to the system log. After several days (or weeks) these messages will disappear from the log files, but you can force their removal using a tool like OnyX. For OnyX, use these settings.
  • IMPROVED: Added retina support for lock/unlock slider. Retina support for other graphics coming too.
  • FIXED: Removed several instances of unnecessary folder path logging (on folder lock/unlock) to help with plausible deniability. This is a losing battle because folder names and paths are logged to the system log by other background processes that Espionage does not have control over. Logging folder paths is also necessary if an error occurs.
  • FIXED: (Mavericks) Wrong folder icon.
  • FIXED: (Mavericks) Error decrypting a folder.
  • FIXED: (Mavericks) Problem unlocking folders for anyone who enabled the hidden setting “enableDiskArbitrationMethod”.

Enjoy! 😀

SHA1(Espionage.dmg)= 5d02150ca6da3fd4017a244d83db33aa536f9edc
SHA1(Espionage.app/Contents/MacOS/Espionage)= 8e92c0b2ab730c4ddd62358d3f59f818126e9d53

Phasing out support for Espionage 2 + Last chance to upgrade!

10 Replies

It has been almost five years since we announced Espionage to the world. Since then, we’ve gone through three major versions. I would like to sincerely thank all of our customers, and everyone who has supported our work in any way, whether it was by purchasing a license to Espionage, writing a review, or just taking the time to send us an email or a tweet. Thank you.

Espionage 2 was a remarkable application, but its time has passed. It taught us many lessons. We took those lessons and used them to create Espionage 3, a product that not only provides significant security improvements, but a more intuitive user experience. We will continue to listen to our customers, to read your emails, your forum posts, your reviews, your tweets, and use that to make Espionage even better.

Espionage 3 is our focus now. Therefore, we are redirecting traffic to Espionage 2’s homepage to Espionage 3.

December 31st, 2013, will be the last day we provide support for Espionage 2.

The community support forums for Espionage 2 will remain online. Zsolt, Ernesto, or myself may choose to respond to threads in that forum, but we will do that on our own time, and at our discretion.

One more chance to upgrade at a discount

We know that some of our users are still using Espionage 2. We want to make it easy for you to upgrade to Espionage 3 so that you have the security improvements and bugfixes found in Espionage 3.

When we announced Espionage 3, we released it on the Mac App Store, which made it difficult for us to offer discounted upgrades. To get around this, we lowered the price of Espionage 3 to $9.99 for one week, and sent an email to all Espionage users, letting them know that this was their opportunity to upgrade at a discount.

Many users upgraded at that point in time, but some did not. To those that missed out, we’re offering you one more opportunity to upgrade at a discount. We also want to be fair to everyone who decided to purchase Espionage 3 at full price, and so the discount will not be the same as it was the first time.

If you’re a current Espionage 2 user and would like to upgrade to Espionage 3, send us an email (see below) and we’ll send you a code that’s good for 15% off Espionage 3. Update: This offer expired December 31st, 2013. You can still follow the instructions below to receive 10% off Espionage.

To qualify, send an email to:

Your email MUST:

  1. Contain the name and email of your Espionage 2 license
  2. Contain the name and email you’d like for your Espionage 3 license
  3. Do one of the following before December 31st, 2013:
    • Be sent from the same email address that your Espionage 2 license is registered with. (preferred!)
    • Or, include your PayPal receipt for Espionage 2 to the email.
    • Or, have your Espionage 2 license attached to the email. (Not recommended. Will likely delay your license.)

Remember that Espionage 3 needs at least Mac OS X 10.7 to run!

Thank you for helping us make Espionage the best encryption software for the Mac! 🙂

“The FBI has not been here” as it applies to Espionage

Leave a reply

Some smart librarians figured out a way to get around FBI gag orders through an interesting technicality:

The FBI has not been here (watch closely for the removal of this sign).

Taking cue from the librarians, we’ve updated Espionage’s homepage with the the following blurb:

We have not placed any backdoors into our software and have not received any requests for doing so. Pay close attention to any modications to the previous sentence, and verify the signature of this

Viewing the source for Espionage’s homepage reveals a signed section that explains the types of changes that can and cannot be made to the text itself:

Espionage 3 — Source Code Available to Security Professionals

16 Replies

Oh boy, we’re really excited about this!

Not only do we have an update for you today, but we’re super thrilled to announce that as of today, security professionals can obtain access to Espionage 3’s source code! 😀

I’ve wanted to do this for a while, but I never felt comfortable releasing the code for Espionage 2 for a variety of reasons having to do with complexity of the code. Now, thanks to the rewritten Espionage 3, I can say with confidence that Espionage is as beautiful on the inside as it is on the outside, and so I have no problems letting others have a peak inside. In fact, I believe Tao Effect has a duty to its customers to do so.

Espionage’s homepage now has a new section that explains what we’ve done and how to get the source:

We know that for software to provide any meaningful security guarantees, its source code must be available to third-parties for inspection. We also recognize that releasing Espionage’s source code can hurt Espionage and its users because of software piracy.

We want to continue giving you stellar customer support and timely updates, so we follow a middle-path by giving security experts access to Espionage’s code so that they can verify its security. We’re also allowing them to distribute unmodified copies of Espionage that they’ve built themselves, so that anyone who doesn’t trust our copy can download it from them. Apply here.

Espionage 3.5.1 Released!

Also on today’s menu, an update! (With more to come!):

  • NEW: Source code access for security professionals!
  • NEW: Autolock on screensaver and screen lock!
  • FIXED: Failure to execute folder actions after folder autolock while Espionage is locked.
  • FIXED: Don’t unlock folder if an application for a folder action is already running.
  • FIXED (3.5.2): Crash on startup related to Folder Actions.
  • FIXED (3.5.2): Updated Growl to (hopefully) fix a Growl-related crash.

Enjoy! 😀

EDIT: Thanks to “Red H.” for pointing out that “source code available” != “open source”. The two are quite different, as for something to qualify as open source software, it must be distributed for free. My apologies for the error, we will update all references accordingly, and if we miss one please let us know!