Freitag, 7. November 2014

How Secure is TextSecure?

Instant Messaging has attracted a lot of attention by users for both private and business communication and has especially gained popularity as low-cost short message replacement on mobile devices. However, most popular mobile messaging apps do not provide end-to-end security. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ lead many people looking for means that allow them to preserve the security and privacy of their communication on the Internet. Additionally fueled by Facebook's acquisition of the hugely popular messaging app WhatsApp, alternatives that claim to provide secure communication experienced a significant increase of new users.

A messaging app that has attracted a lot of attention lately is TextSecure an app that claims to provide secure instant messaging and has a large number of installations via Google's Play Store. It's protocol is part of Android's most popular aftermarket firmware CyanogenMod. In a paper we have recently uploaded on eprint, we present the first complete description of TextSecure's complex cryptographic protocol and are the first to provide a thorough security analysis of TextSecure. Among other findings, we present an Unknown Key-Share Attack on the protocol, along with a mitigation strategy. Furthermore, we formally prove that---if our mitigation is applied---TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality.

After the first upload the paper received much attention. A discussion started, e.g., on the ModernCrypto Mailing List, at Reddit and at Hacker News. We posted a response on the former discussion on Medium.

The paper gets also mentioned in many non-technical articles, most of which appreciate our research, e.g.,, TheRegister and Softpedia and is taken into considerations by the Electronic Frontier Foundation for their Secure Messaging Scorecard.