Message-ID: <CAKws9z33ss4yU9vod3zttqAc4F5=W9o1m70mJ+hnE-a1JWWPsg@mail.gmail.com>
Date: Tue, 23 Jun 2015 02:07:51 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: fulldisclosure@...lists.org
Subject: [FD] Minds.com - Several Issues
The Hype
========
Before we begin, let's look at some of the hype that the Minds.com
team has been feeding into on Twitter.
https://twitter.com/minds/status/611536729175130112 ~>
> #Anonymous backs new #encrypted #social network to rival Facebook http://www.infowars.com/anonymous-backs-new-encrypted-social-network-to-rival-facebook/ #minds #opensource #freedom #algorithm
https://twitter.com/minds/status/612023517962477568 ~>
> Anonymous Is Championing a Social Network That Has One Major Advantage Over Facebook by @maxplenke http://mic.com/articles/121010/anonymous-supports-privacy-focused-social-network-minds-advantage-over-facebook … via @MicNews
https://twitter.com/minds/status/610499794834821121 ~>
> #Anonymous is supporting a new privacy-focused #social network that takes aim at Facebook's shady practices http://read.bi/1cW4uSz via @sai
https://twitter.com/WiredUK/status/610732859373043712 ~>
> Anonymous backs encrypted social network 'Minds' http://wired.uk/8TxXRq
Wow, if Anonymous backs this project, surely it must be legitimate and
secure, right?
The Reality
===========
Prior Work by VoidSec
---------------------
I'd like to bring everyone's attention to this report by VoidSec which
discloses multiple XSS holes in their platform:
http://voidsec.com/minds-com-full-disclosure/
Cryptography Design Flaws
-------------------------
1. The client will blindly trust any public key the server provides.
https://github.com/Minds/mobile/blob/75f2488880a08b30e439404594c7703258aead65/www/js/controllers/gatherings/ChatConversationCtrl.js#L37-L54
The server can therefore trivially MitM any communication, thus
rendering the encryption completely useless.
2. Weak RSA
https://github.com/Minds/mobile/blob/55766e5514aec31559cc407f6bee8b2eff2b4d74/plugins/org.apache.cordova.crypt/src/android/Crypt.java#L70-L114
I thought that Bleichenbacher had driven the final nail in the coffin
of PKCS1 padding. This doesn't appear to expose an oracle (since
success/failure state is never transmitted over the network on
decryption), but it's possible I overlooked something.
The Lesson
==========
Although PKI (problem 1) is challenging, Minds.com gives the server
all the power without attempting to add any sort of identity
verification to the app.
If anyone needs to communicate privately with someone else, the
solution is to use TextSecure and/or Signal. (If you aren't already
using these free apps, why not?)
And please, if you're going to roll your own cryptography, don't deploy it.
http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/