Side channel when using Signal on Android?

[pmikep]

So I dropped WA a while ago and switched to Signal Messenger. On the assumption that Signal is secure (but they sure have a lot of updates), I wonder if the Android OS itself can leak info about what one is messaging? For example, if you have a SWYPE keyboard, is it phoning home, telling Microsoft the words that you type in Signal? [MODERATOR edit to remove inflammatory political reference.]

And what is Android itself sending to Google? Half of my phones are rooted with either a custom ROM (no Google Play stuff) and AFWall+, or stock OS and AFWall+. On the rooted phones with stock OS but AFWall+, I see (and stop) stuff trying to talk to Google.

But the phone that I use for Signal cannot be rooted, so I can only use a rudimentary (VPN-based) non-root firewall on it. (Which, as a minimum, cannot stop Google Play.)

Am I being stupid? Am I (and most others) open to side channel leaks when using Signal on non-rooted, non-locked down phones?

 

[PHolder]

I understand your worry, but I'd also suggest you're also being pretty paranoid. If you don't trust Google, you should not use Android. If you don't trust Microsoft you should not use Windows. Etc. Perhaps you'd like to try the PinePhone which runs your choice of OS, many of which are Linux based.

 

[pmikep]

Tnx for the pointer to the PinePhone. (I had never heard of it.)

As for trusting Google and MS: In addition to Steve's motto, TNO, given current events, it's very clear that Google is not a disinterested, disengaged software company. You suggest that I'm being pretty paranoid. I suggest that you won't try a simple test of privately texting something questionable over an Android phone that could result in a visit from the authorities if intercepted.

Nor do I trust Microsoft. I presume that there is a back door in Win10 that no one has found yet. But between Comodo (and the NSA's complaints about it) and NTLite (stripping components out from Windows, like RDP) lowering my attack surface, I feel reasonably secure with it.

Although still, I do not feel that I am free to speak while using the latter. And I still don't have definitive info about Signal and the former.

 

[Steve]

So I dropped WA a while ago and switched to Signal Messenger. On the assumption that Signal is secure (but they sure have a lot of updates), I wonder if the Android OS itself can leak info about what one is messaging?

In a word... YES, Absolutely! NO USE of a smartphone is actually secure and private. It's a nice illusion, but it's only that. Assuming that the encryption was implemented correctly, the encrypted channel itself cannOT be decrypted by anyone without the key. So it does robustly protect the conversation from eavesdropping by someone sniffing its traffic en-route.

But, who knows who else may have the key? And the unencrypted data going into the encrypted channel or emerging after decrypted is entirely exposed.

Security and privacy is an illusion. It's comforting. But I'm certain that all of this worry over encryption just makes the CIA and NSA chuckle.

I've said on the podcast many times that if you want to have a private conversation with someone you trust, go out into the middle of an empty field with a thick blanket. Leave your Smartphones in your cars and bring NO technology with you. Then huddle underneath the thick blanket and whisper into each other's ear.

I'm not paranoid, I don't do that. But neither do I have any need for truly secret and private conversations. But most people who use these encrypted systems are under the impression that their conversations are private. When, in fact, they are only being protected from a very specific — and not very relevant — threat actor.

 

[pmikep]

Thanks, Steve. Kinda what I thought.

There are anecdotal stories which seem believable (and enough of them saying the same thing from independent sources) that in Communist Russia, husbands and wives would go into bathrooms, turn on the water (white noise), huddle, and whisper about their leaders and their government.

I fear this is coming to a country near me. I guess I had better pull back (more) on what I think/say.

 

[pmikep]

And you're not even totally secure walking out to the middle of an empty field. I've been looking at satellite images of our house lately. I can make out lawn furniture in the back yard. Assuming the govt's satellites/optics/enhancement is 10x better, then, although the govt might not know what you say under your thick blanket, it will know that Alice met Bob. Which might be all the mega-data it needs to know. (As in Orwell's 1984 with Winston and Julia.)

 

[Barry Wallis]

@pmikep Since satellite surveillance is a limited resource you have to be the kind of person the government is tracking or in an area they are constantly watching.

 

[PHolder]

satellite images of our house

Yes, all true, but satellite tracking is VERY expensive because it's a physical satellite with a very expensive camera and limited propellant. Accordingly, there are only a set number of them to use, and unless you are a VERY interesting target, you're not going to end up tracked in anything close to real time. The satellites that Google rents for satellite imaging for their Maps product are on a fixed schedule, and presumably take pictures all the time, and Google is able to select which pictures it wants to buy, probably months or years (to get a good price) after they were taken.

 

[danlock]

...and Google's satellite images aren't state-of-the-art. They can't read the text on a card you're holding, for example, or see melanoma spots on your scalp. But (the ones that can) are 'top-secret.'

 

[pmikep]

I'm getting off topic, but I wonder what the physical limitations are on optical resolution? Isn't scintillation alone enough to blur an image of text on a card taken from a few hundred miles up? Even if over sampled 1000x. (But who's going to hold a card steady for that long.)

On another note, I was talking to an HP engineer years ago (WinXP days) about their 600 dpi Flat Bed scanner. The guy let it slip that their scanner was so good that it could see the micro-text in paper bills. (I have yet to find that using a loop.)

 

[Lob]

@Steve mentioned that the messengers are typically secure down to either the device sending the message being compromised and/or the device receiving the message being compromised - that is where the plain text is.

There is also one other way that the chat might be compromised, perhaps? Is it possible for example for WhatsApp or any other closed source client having a silent, non-displayed participant in the chat which would then allow them to eavesdrop on the conversation?

Not that my chats are anything interesting to snoop on as I mostly chat to my wife

 

[pmikep]

Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes

Signal is one of the most secure apps in the world. But if FBI agents have access to a device, they can still access supposedly-encrypted messages, even on a locked iPhone.

www.forbes.com

The obvious: If someone gets your phone, they can read your messages left in Signal Messenger.

So it seems that one should delete all messages after sent/received. But that makes me wonder about deleting files in, say, Android, and if, like Windows, deleted files aren't really deleted?

 

[PHolder]

deleted files aren't really deleted?

Flash memory has spares. It will never be possible to blank all the spares without a tool from the manufactured to accomplish this specific goal. In theory the contents of the flash is encrypted by modern Android OS versions. That sounds better than it is because if they "capture" the phone powered on after ever having the password input once, it remains in memory and can be captured. (It HAS to be this way without specific hardware in the phone to store the password for the flash and manage it, and as we well know Android targets highest capability for the lowest cost, and not security that doesn't fit within the budget.) The long and short of it is that government has enough money if they want to read that memory, they would find a way. (And also they get to lock you in jail until you provide the password/access, and few people are that principled to resist such pressure, unless the contents of the phone would already result in them being locked in jail for life.)

 

[pmikep]

Back to meeting in a field, under a thick blanket, at night, with no moon, cloud cover and perhaps writing everything down instead of speaking.

 

[SeanBZA]

The metadata is often more useful than the actual message content. You will be tracked, if a person of interest, either in real time, or via stored info from cellular providers after the fact, and thus your meetings will be all tracked. No need to get the keys to the conversations, it is easier for the three letter agencies to just ask for the information. not many people will still be quiet after a few minutes of the rubber hose method, or the more intense versions, and you will get a free, all expenses paid, trip to a sunny tropical island, with a room, full board and water provided, at no cost to you.