This was circulated on libtech and here it is for your consideration too. It confirms some of the ramblings on the pad, disposes of some others, .. Also attached is a condensed version of the pad after "summary" was put at the top. Cheers, -Ali ---------- Forwarded message ---------- From: Jon Callas Date: Thu, Feb 14, 2013 at 11:28 AM Subject: Answers to some of your questions To: Ali-Reza Anghaie Cc: Jon Callas Hi, Ali-Reza. I saw your pastebit with some questions, and let me answer. You may repost this mail to liberation tech or anywhere else. * A Latvian company wrote most of the software, not SilentCircle When we formed Silent Circle, we looked around for people to partner with. We selected Tivi because they're really cool people -- I used their ZRTP-enabled VOIP client back in the days when I had a Nokia N95. We picked them in part because they were willing to release source code. (Other potential partners were not willing.) Our partnership with them includes that code base, and that they work for us full-time now. They're some of our main developers now. I have a bit of a raised eyebrow at this comment. (Yes, I know it's not your words, you're also explaining.) It sounds to me like whoever is making that comment is implying that there's something wrong with Latvia. Riga was for many, many years a center of European high-tech until the dark days of WWII and Soviet occupation. It's a lovely place filled with incredibly smart, friendly people. It is a part of the EU, and also a NATO nation. Our team in Riga. We picked them because they rock. Perhaps the comment comes from the fact that they were in business before our partnership. It's relatively common in high-tech that companies enter into partnerships with others. Google, Microsoft, Apple, Facebook, and others often use some sort of relationship like this to get software or technologies that they didn't have, so that it speeds up development. We are hardly unique in this. Perhaps I don't understand. If someone could explain the objection to me, I'm happy to address it further. * Application is designed for VoIP, not specifically for Security It's a secure VOIP client. Because of its history, there's a lot of latent capability in it that is VOIP related. Is there an actual question or objection? * It does use an outdated SSL library (PolarSSL 1.1.1) with some known security vulnerabilities ? No, we're using PolarSSL 1.1.4. We did not include the PolarSSL code in the drop because we didn't want to figure out the licensing details. * It does not use LibZRTP by Philip Zimmermann used in Zfone but ZRTPCPP That is correct. We're using Werner Dittmann's library. We like it. We like it so much that Werner is working for us. Werner rocks. * It does use an outdated version of ZRTPCPP library? I don't believe so. If anything, we're using a version of it that is newer than anyone else's; Werner works for us, now. Should we need release a new version, we will. * It does reveal their test/development server? - "I wonder if they are hiring new iOS devs now?" Yes, we are. We also need Android devs, and need them more than iOS devs. Feel free to send risumis to . Note that we are a highly-distributed company with developers and staff stretched from Latvia to Greece, to the Pacific West. Location almost does not matter. 31337 skillz do. I will also note that the code of the VOIP system is the same across all our apps. It gets compiled for iOS and Android, as well as Windows (Silent Eyes). Each OS has its own UX skin on top of the code VOIP system. - "I'd say anything that gets Silent Circle to actually answer questions proper is useful, if that is the result." Feel free to send questions to me, or to "security@silentcircle.com" * In ./silentphone/tiviengine/prov.cpp there is some kind of provisioning protocols, used probably to auto-configure the voip clients. Good catch! Yes, indeed, we provision the clients ourselves. Silent Circle is a *SERVICE* not an app. * It should be evaluated the capability for a government censoring/filtering host to block the user out by blocking accounts.silentcircle.com or sccps.silentcircle.com. Maybe some dynamic methods is in place? We'd love to hear suggestions. If someone's suggestion is particularly clever, feel free to attach a risumi. * It should be asked what are the privacy handling for those data and if those can be additionally "privacy enforced" . Feel free to ask. I don't understand the question, myself. * QUESTION: What this certificate is used for ? TODO: We should check to see if this certificate is used for TLS Validation? If so that's cool, that it does not rely on third party CA. Got it in one! Thank you for thinking it's cool. Again, feel free to forward this mail to anyone, and I'm happy to entertain questions from anyone. Jon ----- Jon Callas Chief Technical Officer Silent Circle, LLC email: jon@silentcircle.com Silent Phone: jon NOTE: The original pad is being vadalized. A backup of the content, before nonsense, of that pad can be had at http://pastebit.com/pastie/12001 for background reading. A Summary of the useful parts of that pad is: - The TiViPhone base appears to be an acquisition by SilentCircle and the (c) reflects that. Also a number of the TiViPhone employees are SC employees. - The ZRTPCPP library being used is also maintained primarily by a SC employee and is not entirely unrelated. - We do not have a clear source vs binary tree relationship here and can't vouch that the code that has been released is a fully accurate representation of the product Silent Circle has shipped. What remains below is now the "meat" of the interesting discussion. CODE: https://github.com/SilentCircle --- * It does use an outdated SSL library (PolarSSL 1.1.1) with some known security vulnerabilities ? ??? Latest version is 1.2.5 (2013-02-02), the project seems very active as 1.1.1 has been released 2012-01-23 ??? PolarSSL Security Advisory: https://polarssl.org/tech-updates/security-advisories (most recent advisory Feb 2nd) . ??? PolarSSL Changelog https://github.com/polarssl/polarssl/blob/master/ChangeLog ??? they embed 1.1.1 and 1.1.4 in libs, but I only find 1.1.1 usage in the code ??? TODO: It should be checked in details if that 1.1.1 is vuln and/or patched to some of the advisory. ??? ^--- PolarSSL 1.1.1 suffers from "Weak Diffie-Hellman and RSA key generation": https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi... ??? Easily a non-issue as w/ many other projects. Verifying against binaries is tougher. The updated codebase that was uploaded does not appear to show signs of back-ported patching so they keep upgrading the version they use - perfectly reasonable as long as we can get an idea of what is exactly used in each subsequent release to the App Store and Google Play. --- * It does use an outdated version of ZRTPCPP library? Looking at libs/zrtp/Changelog it does use ZRTPCPP 1.5.2 version (released on 05-Dec-2010). Latests version is libzrtpcpp 2.3.2 (released on 20-Nov-2012) ZRTPCPP 1.5/1.6/2.3 download: http://ftp.gnu.org/gnu/ccrtp/ . --- * It does reveal their test/development server? In the file ./apple/ios/VoipPhone/settings.txt there is the hostname fs-devel.silentcircle.org with ip 50.116.49.43 Do we have that code too? It would be nice to have a full development enviornment to play with / even a fake one would have its uses. That's a nice inquiry. It would be also very interesting, while i think it's not doable technically for smartphone platforms's constraints, to have "Deterministic Building" to always have the exact checksum of files given the same build process repeated in the same environment (Unfortunately that's an hard topic, due to various timestamps and stuff that linked put into the executable files).//AppStore binaries are encrypted/heavily obfusticated... right, proving the released binary match the released source code is hard. --- Unless the build is reproducible and verifiable, releasing the source is pretty meaningless. <-- THIS <--- Seconded A release of source against each App Store or Google Play edition seems to be in order - that isn't unlike other projects spreading legs on both sides of the App Store and FOSS fence. --- TODO: It would be nice if someone could share an url with a backup of an "Installed and configured SilentCircle" to look at!. I am trying to read some code. They are just a peice of mess. Like this: smartphone/codecs/vTiVi/ep.cpp. It is like something from a decompiler (even the indentation didn't conform)+1 definitely not iOS devs --- Like this: (this is a library search path for one of the libs) "$(SRCROOT)/../../../../../Library/Developer/Xcode/DerivedData/werner_zrtp-gibkbzjaoguukggnpjvrvnwattfm/Build/Products/Debug-iphoneos" http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg.xml?api_key=12345^M http://sccps.silentcircle.com/provisioning/silent_phone/settings.txt?api_key=12345^M http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg_glob.txt?api_key=12345^M const char *pLink="https://accounts.silentcircle.com";^M It should be evaluated the capability for a government censoring/filtering host to block the user out by blocking accounts.silentcircle.com or sccps.silentcircle.com. Maybe some dynamic methods is in place? --- const char *dev_id=t_getDevID_md5();^M <--- What's up with these functions? Maybe the IMEI/UDID of the Phone hashed with md5? TODO: Someone should check it! const char *dev_name=t_getDev_name();^M Only works on IOS, returns UTF8String of NSString *n = [[UIDevice currentDevice]model]; That's something like "iPhone5" or "iPhone4s"? If so, it's less privacy invasive. It should be evaluated the privacy impact of retrieving the "name" of the device (Is that the name of the phone?) that could be stored somewhere (how?). Additionally it should be considered that if the "Device ID" is an IMEI, even hashing it with MD5, could make it easily reversable by Silentcircle to retrieve it. TODO: Checkit NSString *n = [[UIDevice currentDevice]uniqueIdentifier]; These UDID's were rendered useless a while ago weren't they? There is an advertising udid framework but you can request a fresh ID whenever you want. It's IOS's ^^^ yeah. It is deprcated since iOS5: https://developer.apple.com/library/prerelease/ios/#documentation/UIKit/Refe... It should be asked what are the privacy handling for those data and if those can be additionally "privacy enforced" . --- Are UI Bugs worth finding? Sometimes they can actually lead to code execution. For example, setting your nickname to be something that can exploit the UI for nickname display and execute code... or just mislead the user? Part of the UI includes presenting security phrases for validation, it's worth scrutinizing. From an OPSEC perspective it might lead to leeks as well. --- Random iOS tidbit of information: if you go into settings.app and change any permissions for address book/photos/etc??? any applications running that require those permissions will automatically forcequit. --- QUESTION: What this certificate is used for ? TODO: We should check to see if this certificate is used for TLS Validation? If so that's cool, that it does not rely on third party CA. const char *pEntrustCert=^M "-----BEGIN CERTIFICATE-----\r\n"^M "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\r\n"^M "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\r\n"^M "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\r\n"^M "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\r\n"^M "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\r\n"^M "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\r\n"^M "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\r\n"^M "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\r\n"^M "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\r\n"^M "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\r\n"^M "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\r\n"^M "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\r\n"^M "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\r\n"^M "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\r\n"^M "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\r\n"^M "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\r\n"^M "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\r\n"^M "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\r\n"^M "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\r\n"^M "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\r\n"^M "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\r\n"^M "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\r\n"^M "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\r\n"^M "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\r\n"^M "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\r\n"^M "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\r\n"^M "-----END CERTIFICATE-----\r\n"^M --- * A Backup of the Pad content has been put read-only online (with some comments and further analysis to be done) * http://pastebit.com/pasties/store/12001/silentcircle.html * http://pastebin.com/dKRPrGMN * SilentCircle source code has been temporarily removed from Github:https://github.com/SilentCircle/silent-phone-base * Nadim opened a ticket to ask about the code back:https://github.com/SilentCircle/silent-phone-base/issues/1 * A new (different) version of the code has been uploaded online:https://github.com/SilentCircle/silent-phone-base * Someone in the meantime put the original code back online (as a zip archive):http://jednorog.sneakyness.com/1U060B2S3I1P * A diff between the "original SC open source release" and the "modified SC open source release" reveal some code difference * Output of git diff "original/silent-phone-base new/silent-phone-base/ sc. patch" is available at http://codepad.org/eQkexG2R _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE