How secure is TextSecure?

by laex on 11/7/2014, 10:33 AM with 52 comments
  • by rsync on 11/7/2014, 9:13 PM

    TextSecure cannot be any more secure than the intentionally backdoored systems that they run on.

    Your carrier can install arbitrary code, without your knowledge, on both your baseband and your SIM card, and depending on your phones implementation, have direct (as in DMA) access to your entire application processor and whatever OS and userland is running on it.

    There is no way around this. If it's a mobile phone, it cannot possible be secure and cannot in any way be considered your device.

  • by georgemcbay on 11/7/2014, 7:46 PM

    Haven't looked at it in a while but when I did previously it was prone to the nearly universal Android issue of leaking data through AccessibilityService, which is basically this:

    I leave my phone on my desk, Bob grabs it while I'm in the bathroom, turns on Unknown Sources, installs an apk from a known URL which implements an accessibility service that forwards all TextView contents over to his nefarious logging servers.

    Once he installs this service (rooting and USB connection not required, just physical access to a non-PIN-locked phone and takes about 5-10 seconds to do if you've already posted an apk ready to install to some public url) it will always be running and come up on startup whenever the phone is rebooted and never show me any indication that it is running (unless the service ANRs or crashes or I go to the Accessibility settings page in the OS settings which I am unlikely to do as a user who doesn't require any special accessibility features).

    Bob then puts my phone back and I begin to use it unawares. All of my data that is displayed to the UI at all is leaking regardless of how secure the network protocol is.

    Take-aways:

    If you are an Android user and care about things like secure chat being actually secure, PIN protect your phone or glue the phone to your skin so nobody can install an APK without your knowledge.

    If you create an ostensibly secure Android app consider querying AccessibilityManager occasionally to take a look and see if any accessibility services are running and if they are indicate this to the user in some visible fashion that explains the risks, this allows people who have legitimate accessibility issues to use the app but mitigates the possibility of a data leak that the user is completely unaware of. Or alternately use an accessibility delegate on all your TextViews and other leaky widgets and have a setting in your app where when this filtering is disabled it is obvious to the user.

  • by kristofferR on 11/7/2014, 11:49 AM

    A few friends of mine really really tried to switch from Hangouts to TextSecure, but we couldn't do it - it was just too painful, complicated and buggy. We're using Telegram now and it's at least way better than Hangouts and TextSecure on the user experience, even though it's less secure than TextSecure.

    Are there any good secure messengers out there that truly works cross platform (iOS, Android and Web/Win/OSX)? It's a shame that something like Telegram seems to be the best right now, considering its dodgy security model.

  • by Tepix on 11/7/2014, 11:40 AM

    Right now, the most insecure aspect of TextSecure is that it's not yet available on iOS. Can't wait!

    Also, I hope in the long run it'll be decentralized like XMPP. I'd prefer to run my own server to make it harder to gather metadata on a large scale.

  • by ll1t on 11/7/2014, 5:34 PM

    I'm one of the authors of "How secure is TextSecure?". Here is my take on the paper and the developers' comments: https://medium.com/@ll1t/re-how-secure-is-textsecure-cd0ff0f...

  • by lmedinas on 11/7/2014, 11:35 AM

    Got to love Simpsons analogy in the text.

  • by smnrchrds on 11/7/2014, 11:43 AM

    How does TextSecure do group chat?

  • by manuw on 11/7/2014, 4:51 PM

    Never had problems with Secure text. I use it every day.

  • by rsync on 11/7/2014, 9:14 PM

    TextSecure cannot be any more secure than the intentionally backdoored systems that they run on.

    Your carrier can install arbitrary code, without your knowledge, on both your baseband and your SIM card, and depending on your phones implementation, have direct (as in DMA) access to your entire application processor and whatever OS and userland is running on it.

    There is no way around this. If it's a mobile phone, it cannot possible be secure and cannot in any way be considered your device.

  • by rsync on 11/7/2014, 9:14 PM

    TextSecure cannot be any more secure than the intentionally backdoored systems that they run on.

    Your carrier can install arbitrary code, without your knowledge, on both your baseband and your SIM card, and depending on your phones implementation, have direct (as in DMA) access to your entire application processor and whatever OS and userland is running on it.

    There is no way around this. If it's a mobile phone, it cannot possible be secure and cannot in any way be considered your device.