Date: Fri, 15 Feb 2013 10:13:16 -0500
From: Ali-Reza Anghaie <ali@...ketknife.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: SilentCircle (Encrypted VoIP auditing) -
	Please cooperate

Below is a version of the pad trimmed with certain summaries at the
top. Also included below is a response from Jon Callas of Silent
Circle to the initial pad that addresses some of the other issues. Of
course much is left to be done but this follow-up is worth having.
It'll be easier to follow.. Cheers, -Ali


--- START PAD ---
NOTE: The original pad is being vandalized. A backup of the content,
before nonsense, of that pad can be had at
http://pastebit.com/pastie/12001 for background reading. A Summary of
the useful parts of that pad is:

- The TiViPhone base appears to be an acquisition by SilentCircle and
the (c) reflects that. Also a number of the TiViPhone employees are SC
employees.
- The ZRTPCPP library being used is also maintained primarily by a SC
employee and is not entirely unrelated.
- We do not have a clear source vs binary tree relationship here and
can't vouch that the code that has been released is a fully accurate
representation of the product Silent Circle has shipped.

What remains below is now the "meat" of the interesting discussion.

CODE: https://github.com/SilentCircle

---

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known
security vulnerabilities?
        •    Latest version is 1.2.5 (2013-02-02), the project seems
very active as 1.1.1 has been released 2012-01-23
        •    PolarSSL Security Advisory:
https://polarssl.org/tech-updates/security-advisories (most recent
advisory Feb 2nd) .
        •    PolarSSL Changelog
https://github.com/polarssl/polarssl/blob/master/ChangeLog
        •    they embed 1.1.1 and 1.1.4 in libs, but I only find 1.1.1
usage in the code
        •    TODO: It should be checked in details if that 1.1.1 is
vuln and/or patched to some of the advisory.
        •    ^--- PolarSSL 1.1.1 suffers from "Weak Diffie-Hellman and
RSA key generation":
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2012-01
        •    Easily a non-issue as w/ many other projects. Verifying
against binaries is tougher. The updated codebase that was uploaded
does not appear to show signs of back-ported patching so they keep
upgrading the version they use - perfectly reasonable as long as we
can get an idea of what is exactly used in each subsequent release to
the App Store and Google Play.

---

* It does use an outdated version of ZRTPCPP library?
  Looking at libs/zrtp/Changelog it does use ZRTPCPP 1.5.2 version
(released on 05-Dec-2010).
  Latest version is libzrtpcpp 2.3.2 (released on 20-Nov-2012)
  ZRTPCPP 1.5/1.6/2.3 download: http://ftp.gnu.org/gnu/ccrtp/ .

---

* It does reveal their test/development server?
  In the file ./apple/ios/VoipPhone/settings.txt there is the hostname
fs-devel.silentcircle.org with ip 50.116.49.43

   Do we have that code too? It would be nice to have a full
development environment to play with / even a fake one would have its
uses.

   That's a nice inquiry. It would be also very interesting, while I
think it's not doable technically for smartphone platforms'
constraints, to have "Deterministic Building" to always have the exact
checksum of files given the same build process repeated in the same
environment (Unfortunately that's a hard topic, due to various
timestamps and stuff that the linker puts into the executable
files).
// AppStore binaries are encrypted/heavily obfuscated...
right, proving the released binary matches the released source code is
hard.

---

Unless the build is reproducible and verifiable, releasing the source
is pretty meaningless. <-- THIS <--- Seconded

A release of source against each App Store or Google Play edition
seems to be in order - that isn't unlike other projects spreading legs
on both sides of the App Store and FOSS fence.

---

TODO: It would be nice if someone could share an url with a backup of
an "Installed and configured SilentCircle" to look at!.
I am trying to read some code. They are just a piece of mess. Like
this: smartphone/codecs/vTiVi/ep.cpp. It is like something from a
decompiler (even the indentation didn't conform)
+1 definitely not iOS devs

---

Like this: (this is a library search path for one of the libs)
"$(SRCROOT)/../../../../../Library/Developer/Xcode/DerivedData/werner_zrtp-gibkbzjaoguukggnpjvrvnwattfm/Build/Products/Debug-iphoneos"
 <that's very bad and stupid, if they just brought the zrtp project
into the same workspace xcode would handle all of this automagically
for them
// I am wondering how did they get this mess run on a phone. It's very
fragile, likely this environment works on the developer's machine
(lol) and was good enough to generate a binary for app store
submission. If we would have gotten lucky we might have seen his
username in one of the search paths but no dice.

---

* In ./silentphone/tiviengine/prov.cpp there is some kind of
provisioning protocols, used probably to auto-configure the voip
clients.
Interesting the following strings:
        http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg.xml?api_key=12345
        http://sccps.silentcircle.com/provisioning/silent_phone/settings.txt?api_key=12345
        http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg_glob.txt?api_key=12345
   const char *pLink="https://accounts.silentcircle.com";

        It should be evaluated the capability for a government
censoring/filtering host to block the user out by blocking
accounts.silentcircle.com or sccps.silentcircle.com. Maybe some
dynamic method is in place?

---

   const char *dev_id=t_getDevID_md5(); <--- What's up with these
functions? Maybe the IMEI/UDID of the Phone hashed with md5?
   TODO: Someone should check it!
   const char *dev_name=t_getDev_name(); Only works on IOS, returns
UTF8String of NSString *n = [[UIDevice currentDevice]model]; That's
something like "iPhone5" or "iPhone4s"? If so, it's less privacy
invasive.

   It should be evaluated the privacy impact of retrieving the "name"
of the device (Is that the name of the phone?) that could be stored
somewhere (how?).
        Additionally it should be considered that if the "Device ID"
is an IMEI, even hashing it with MD5, could make it easily reversible
by Silentcircle to retrieve it. TODO: Check it
   NSString *n = [[UIDevice currentDevice]uniqueIdentifier];
        These UDID's were rendered useless a while ago weren't they?
There is an advertising udid framework but you can request a fresh ID
whenever you want.
It's IOS's ^^^ yeah.
It is deprecated since iOS5:
https://developer.apple.com/library/prerelease/ios/#documentation/UIKit/Reference/UIDevice_Class/DeprecationAppendix/AppendixADeprecatedAPI.html
   It should be asked what are the privacy handling for those data and
if those can be additionally "privacy enforced" .

---

Are UI Bugs worth finding? Sometimes they can actually lead to code
execution. For example, setting your nickname to be something that can
exploit the UI for nickname display and execute code... or just
mislead the user? Part of the UI includes presenting security phrases
for validation, it's worth scrutinizing. From an OPSEC perspective it
might lead to leaks as well.

---

Random iOS tidbit of information: if you go into settings.app and
change any permissions for address book/photos/etc… any applications
running that require those permissions will automatically force quit.

---

QUESTION: What is this certificate used for?
TODO: We should check to see if this certificate is used for TLS
Validation? If so that's cool, that it does not rely on third party
CA.
const char *pEntrustCert=

---

* A Backup of the Pad content has been put read-only online (with some
comments and further analysis to be done)
  * http://pastebit.com/pasties/store/12001/silentcircle.html
  * http://pastebin.com/dKRPrGMN

* SilentCircle source code has been temporarily removed from
GitHub: https://github.com/SilentCircle/silent-phone-base

* Nadim opened a ticket to ask about the code
back: https://github.com/SilentCircle/silent-phone-base/issues/1

* A new (different) version of the code has been uploaded
online: https://github.com/SilentCircle/silent-phone-base

* Someone in the meantime put the original code back online (as a zip
archive): http://jednorog.sneakyness.com/1U060B2S3I1P

* A diff between the "original SC open source release" and the "modified
SC open source release" reveals some code differences
 * Output of git diff "original/silent-phone-base
new/silent-phone-base/ sc. patch" is available at
http://codepad.org/eQkexG2R
--- END PAD ---


--- START EMAIL ---
---------- Forwarded message ----------
From: Jon Callas
Date: Thu, Feb 14, 2013 at 11:28 AM
Subject: Answers to some of your questions


Hi, Ali-Reza.

I saw your pastebit with some questions, and let me answer. You may
repost this mail to liberation tech or anywhere else.

* A Latvian company wrote most of the software, not SilentCircle

When we formed Silent Circle, we looked around for people to partner
with. We selected Tivi because they're really cool people -- I used
their ZRTP-enabled VOIP client back in the days when I had a Nokia
N95. We picked them in part because they were willing to release
source code. (Other potential partners were not willing.)

Our partnership with them includes that code base, and that they work
for us full-time now. They're some of our main developers now.

I have a bit of a raised eyebrow at this comment. (Yes, I know it's
not your words, you're also explaining.) It sounds to me like whoever
is making that comment is implying that there's something wrong with
Latvia. Riga was for many, many years a center of European high-tech
until the dark days of WWII and Soviet occupation. It's a lovely place
filled with incredibly smart, friendly people. It is a part of the EU,
and also a NATO nation. Our team in Riga. We picked them because they
rock.

Perhaps the comment comes from the fact that they were in business
before our partnership. It's relatively common in high-tech that
companies enter into partnerships with others. Google, Microsoft,
Apple, Facebook, and others often use some sort of relationship like
this to get software or technologies that they didn't have, so that it
speeds up development. We are hardly unique in this.

Perhaps I don't understand. If someone could explain the objection to
me, I'm happy to address it further.

* Application is designed for VoIP, not specifically for Security

It's a secure VOIP client. Because of its history, there's a lot of
latent capability in it that is VOIP related. Is there an actual
question or objection?

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known
security vulnerabilities?

No, we're using PolarSSL 1.1.4. We did not include the PolarSSL code
in the drop because we didn't want to figure out the licensing
details.

* It does not use LibZRTP by Philip Zimmermann used in Zfone but ZRTPCPP

That is correct. We're using Werner Dittmann's library. We like it. We
like it so much that Werner is working for us. Werner rocks.

* It does use an outdated version of ZRTPCPP library?

I don't believe so. If anything, we're using a version of it that is
newer than anyone else's; Werner works for us, now.

Should we need to release a new version, we will.

* It does reveal their test/development server?

- "I wonder if they are hiring new iOS devs now?"

Yes, we are. We also need Android devs, and need them more than iOS
devs. Feel free to send résumés to <jobs@...entcircle.com>. Note that
we are a highly-distributed company with developers and staff
stretched from Latvia to Greece, to the Pacific West. Location almost
does not matter. 31337 skillz do.

I will also note that the code of the VOIP system is the same across
all our apps. It gets compiled for iOS and Android, as well as Windows
(Silent Eyes). Each OS has its own UX skin on top of the code VOIP
system.

- "I'd say anything that gets Silent Circle to actually answer
questions proper is useful, if that is the result."

Feel free to send questions to me, or to "security@...entcircle.com"

* In ./silentphone/tiviengine/prov.cpp there is some kind of
provisioning protocols, used probably to auto-configure the voip
clients.

Good catch! Yes, indeed, we provision the clients ourselves. Silent
Circle is a *SERVICE* not an app.

* It should be evaluated the capability for a government
censoring/filtering host to block the user out by blocking
accounts.silentcircle.com or sccps.silentcircle.com. Maybe some
dynamic method is in place?

We'd love to hear suggestions. If someone's suggestion is particularly
clever, feel free to attach a résumé.

* It should be asked what are the privacy handling for those data and
if those can be additionally "privacy enforced" .

Feel free to ask. I don't understand the question, myself.

* QUESTION: What is this certificate used for?
TODO: We should check to see if this certificate is used for TLS
Validation? If so that's cool, that it does not rely on third party
CA.

Got it in one! Thank you for thinking it's cool.

Again, feel free to forward this mail to anyone, and I'm happy to
entertain questions from anyone.

        Jon

-----
Jon Callas
Chief Technical Officer
Silent Circle, LLC
--- END EMAIL ---

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
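
The pad's concern that an MD5-hashed IMEI is easily reversible, worked through as an added example (not code from Silent Circle or from the original post). It assumes, hypothetically, that the device ID is MD5 over the 15-digit ASCII IMEI; the page does not establish what `t_getDevID_md5()` actually hashes, and the TAC and serial used here are constructed values.

```python
import hashlib
import secrets

def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for the 14-digit IMEI payload (TAC + serial)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # rightmost payload digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def make_imei(tac: str, serial: int) -> str:
    """IMEI = 8-digit TAC (device model) + 6-digit serial + check digit."""
    payload = f"{tac}{serial:06d}"
    return payload + str(luhn_check_digit(payload))

def md5_dev_id(imei: str) -> str:
    # Assumption: device ID is an unsalted MD5 of the ASCII IMEI.
    return hashlib.md5(imei.encode("ascii")).hexdigest()

def search_md5_imei(dev_id: str, candidate_tacs):
    """Audit helper: how many guesses until the hashed IMEI is matched?

    The TAC identifies the handset model, so whoever receives the hash
    only has 10**6 serials per model to enumerate.
    """
    tried = 0
    for tac in candidate_tacs:
        for serial in range(1_000_000):
            tried += 1
            imei = make_imei(tac, serial)
            if md5_dev_id(imei) == dev_id:
                return imei, tried
    return None, tried

def random_install_id() -> str:
    """Privacy-preserving alternative: 128 random bits generated at
    install time, unrelated to any hardware identifier."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    TAC = "12345678"                      # constructed, not a real model
    hashed = md5_dev_id(make_imei(TAC, 4217))
    imei, tried = search_md5_imei(hashed, [TAC])
    print(f"matched {imei} after {tried} guesses")
    print("random install id:", random_install_id())
```

The hash adds no secrecy because the input space is tiny and the function is unkeyed; an identifier that must not map back to the handset has to be random or derived with a key the server never sees.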
