Donate for the Cryptome archive of files from June 1996 to the present

15 February 2013

Silent Circle Answers Questions


Date: Fri, 15 Feb 2013 10:19:55 -0500
From: Ali-Reza Anghaie <ali@packetknife.com>
To: cryptography[at]randombit.net
Subject: [cryptography] Fwd: Answers to some of your questions (Silent Circle responds..)

This was circulated on libtech and here it is for your consideration too.

It confirms some of the ramblings on the pad, disposes of some others, ..

Also attached is a condensed version of the pad after "summary" was put at the top.

Cheers, -Ali

---------- Forwarded message ----------
From: Jon Callas <jon[at]silentcircle.com>
Date: Thu, Feb 14, 2013 at 11:28 AM
Subject: Answers to some of your questions
To: Ali-Reza Anghaie <ali[at]packetknife.com>
Cc: Jon Callas <jon[at]silentcircle.com>

Hi, Ali-Reza.

I saw your pastebit with some questions, and let me answer. You may repost this mail to liberation tech or anywhere else.

* A Latvian company wrote most of the software, not SilentCircle

When we formed Silent Circle, we looked around for people to partner with. We selected Tivi because they're really cool people -- I used their ZRTP-enabled VOIP client back in the days when I had a Nokia N95. We picked them in part because they were willing to release source code. (Other potential partners were not willing.)

Our partnership with them includes that code base, and that they work for us full-time now. They're some of our main developers now.

I have a bit of a raised eyebrow at this comment. (Yes, I know it's not your words, you're also explaining.) It sounds to me like whoever is making that comment is implying that there's something wrong with Latvia. Riga was for many, many years a center of European high-tech until the dark days of WWII and Soviet occupation. It's a lovely place filled with incredibly smart, friendly people. It is a part of the EU, and also a NATO nation. Our team in Riga. We picked them because they rock.

Perhaps the comment comes from the fact that they were in business before our partnership. It's relatively common in high-tech that companies enter into partnerships with others. Google, Microsoft, Apple, Facebook, and others often use some sort of relationship like this to get software or technologies that they didn't have, so that it speeds up development. We are hardly unique in this.

Perhaps I don't understand. If someone could explain the objection to me, I'm happy to address it further.

* Application is designed for VoIP, not specifically for Security

It's a secure VOIP client. Because of its history, there's a lot of latent capability in it that is VOIP related. Is there an actual question or objection?

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known security vulnerabilities?

No, we're using PolarSSL 1.1.4. We did not include the PolarSSL code in the drop because we didn't want to figure out the licensing details.

* It does not use LibZRTP by Philip Zimmermann used in Zfone but ZRTPCPP

That is correct. We're using Werner Dittmann's library. We like it. We like it so much that Werner is working for us. Werner rocks.

* It does use an outdated version of ZRTPCPP library?

I don't believe so. If anything, we're using a version of it that is newer than anyone else's; Werner works for us, now.

Should we need release a new version, we will.

* It does reveal their test/development server?

- "I wonder if they are hiring new iOS devs now?"

Yes, we are. We also need Android devs, and need them more than iOS devs. Feel free to send résumés to <jobs[at]silentcircle.com>. Note that we are a highly-distributed company with developers and staff stretched from Latvia to Greece, to the Pacific West. Location almost does not matter. 31337 skillz do.

I will also note that the code of the VOIP system is the same across all our apps. It gets compiled for iOS and Android, as well as Windows (Silent Eyes). Each OS has its own UX skin on top of the code VOIP system.

- "I'd say anything that gets Silent Circle to actually answer questions proper is useful, if that is the result."

Feel free to send questions to me, or to "security[at]silentcircle.com"

* In ./silentphone/tiviengine/prov.cpp there is some kind of provisioning protocols, used probably to auto-configure the voip clients.

Good catch! Yes, indeed, we provision the clients ourselves. Silent Circle is a *SERVICE* not an app.

* It should be evaluated the capability for a government censoring/filtering host to block the user out by blocking accounts.silentcircle.com or sccps.silentcircle.com. Maybe some dynamic methods is in place?

We'd love to hear suggestions. If someone's suggestion is particularly clever, feel free to attach a résumé.

* It should be asked what are the privacy handling for those data and if those can be additionally "privacy enforced" .

Feel free to ask. I don't understand the question, myself.

* QUESTION: What this certificate is used for ?

TODO: We should check to see if this certificate is used for TLS Validation? If so that's cool, that it does not rely on third party CA.

Got it in one! Thank you for thinking it's cool.

Again, feel free to forward this mail to anyone, and I'm happy to entertain questions from anyone.

Jon

-----
Jon Callas
Chief Technical Officer
Silent Circle, LLC
email: jon[at]silentcircle.com Silent Phone: jon


silentcircle_condensed_pad.txt [below]
_______________________________________________
cryptography mailing list
cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


NOTE: The original pad is being vadalized. A backup of the content, before 
nonsense, of that pad can be had at http://pastebit.com/pastie/12001 for 
background reading. A Summary of the useful parts of that pad is:

- The TiViPhone base appears to be an acquisition by SilentCircle and the 
(c) reflects that. Also a number of the TiViPhone employees are SC employees.
- The ZRTPCPP library being used is also maintained primarily by a SC employee 
and is not entirely unrelated.
- We do not have a clear source vs binary tree relationship here and can't 
vouch that the code that has been released is a fully accurate representation 
of the product Silent Circle has shipped.

What remains below is now the "meat" of the interesting discussion.

CODE: https://github.com/SilentCircle

---

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known security 
vulnerabilities ?
        •    Latest version is 1.2.5 (2013-02-02), the project seems very active 
as 1.1.1 has been released 2012-01-23
        •    PolarSSL Security Advisory: https://polarssl.org/tech-updates/
security-advisories (most recent advisory Feb 2nd) .
        •    PolarSSL Changelog https://github.com/polarssl/polarssl/blob/master/
ChangeLog 
        •    they embed 1.1.1 and 1.1.4 in libs, but I only find 1.1.1 usage in 
the code
        •    TODO: It should be checked in details if that 1.1.1 is vuln and/or 
patched to some of the advisory.
        •    ^--- PolarSSL 1.1.1 suffers from "Weak Diffie-Hellman and RSA key 
generation": https://polarssl.org/tech-updates/security-advisories/polarssl-
security-advisory-2012-01
        •    Easily a non-issue as w/ many other projects. Verifying against 
binaries is tougher. The updated codebase that was uploaded does not appear 
to show signs of back-ported patching so they keep upgrading the version they 
use - perfectly reasonable as long as we can get an idea of what is exactly 
used in each subsequent release to the App Store and Google Play.

---

* It does use an outdated version of ZRTPCPP library?
  Looking at libs/zrtp/Changelog it does use ZRTPCPP 1.5.2 version (released 
on 05-Dec-2010).
  Latests version is libzrtpcpp 2.3.2 (released on 20-Nov-2012)
  ZRTPCPP 1.5/1.6/2.3 download: http://ftp.gnu.org/gnu/ccrtp/ .

---

* It does reveal their test/development server?
  In the file ./apple/ios/VoipPhone/settings.txt there is the hostname 
fs-devel.silentcircle.org with ip 50.116.49.43

   Do we have that code too? It would be nice to have a full development 
enviornment to play with / even a fake one would have its uses.

   That's a nice inquiry. It would be also very interesting, while i think 
it's not doable technically for smartphone platforms's constraints, to have 
"Deterministic Building" to always have the exact checksum of files given 
the same build process repeated in the same environment (Unfortunately 
that's an hard topic, due to various timestamps and stuff that linked put 
into the executable files).//AppStore binaries are encrypted/heavily 
obfusticated... right, proving the released binary match the released 
source code is hard.

---

Unless the build is reproducible and verifiable, releasing the source is 
pretty meaningless. <-- THIS <--- Seconded

A release of source against each App Store or Google Play edition seems to 
be in order - that isn't unlike other projects spreading legs on both sides 
of the App Store and FOSS fence.

---

TODO: It would be nice if someone could share an url with a backup of an 
"Installed and configured SilentCircle" to look at!.
I am trying to read some code. They are just a peice of mess. Like this: 
smartphone/codecs/vTiVi/ep.cpp. It is like something from a decompiler 
(even the indentation didn't conform)+1 definitely not iOS devs

---

Like this: (this is a library search path for one of the libs) 
"$(SRCROOT)/../../../../../Library/Developer/Xcode/DerivedData/werner_zrtp-
gibkbzjaoguukggnpjvrvnwattfm/Build/Products/Debug-iphoneos"  <that's very 
bad and stupid, if they just brought the zrtp project into the same workspace 
xcode would handle all of this automagically for them
// I am wondering how did they get this mess run on a phone. It's very fraigle, 
likely this environement works on the developer's machine (lol) and was good 
enough to generate a binary for app store submission. If we would have gotten 
lucky we might have seen his username in one of the search paths but no dice.

---

* In ./silentphone/tiviengine/prov.cpp there is some kind of provisioning 
protocols, used probably to auto-configure the voip clients.
Interesting the following strings:
        http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg.xml?
api_key=12345^M
        http://sccps.silentcircle.com/provisioning/silent_phone/settings.txt?
api_key=12345^M
        http://sccps.silentcircle.com/provisioning/silent_phone/tivi_cfg_
glob.txt?api_key=12345^M
   const char *pLink="https://accounts.silentcircle.com";^M

        It should be evaluated the capability for a government censoring/
filtering host to block the user out by blocking accounts.silentcircle.com 
or sccps.silentcircle.com. Maybe some dynamic methods is in place?

---

   const char *dev_id=t_getDevID_md5();^M <--- What's up with these functions? 
Maybe the IMEI/UDID of the Phone hashed with md5?
   TODO: Someone should check it!
   const char *dev_name=t_getDev_name();^M Only works on IOS, returns 
UTF8String of NSString *n = [[UIDevice currentDevice]model]; That's something 
like "iPhone5" or "iPhone4s"? If so, it's less privacy invasive.

   It should be evaluated the privacy impact of retrieving the "name" of the 
device (Is that the name of the phone?) that could be stored somewhere (how?).
        Additionally it should be considered that if the "Device ID" is an 
IMEI, even hashing it with MD5, could make it easily reversable by 
Silentcircle to retrieve it. TODO: Checkit
   NSString *n = [[UIDevice currentDevice]uniqueIdentifier];
        These UDID's were rendered useless a while ago weren't they? There is 
an advertising udid framework but you can request a fresh ID whenever you want.
It's IOS's ^^^ yeah.
It is deprcated since iOS5: https://developer.apple.com/library/prerelease/ios/
#documentation/UIKit/Reference/UIDevice_Class/DeprecationAppendix/Appendix
ADeprecatedAPI.html
   It should be asked what are the privacy handling for those data and if 
those can be additionally "privacy enforced" .

---

Are UI Bugs worth finding? Sometimes they can actually lead to code execution. 
For example, setting your nickname to be something that can exploit the UI 
for nickname display and execute code... or just mislead the user? Part of 
the UI includes presenting security phrases for validation, it's worth 
scrutinizing. From an OPSEC perspective it might lead to leeks as well.

---

Random iOS tidbit of information: if you go into settings.app and change any 
permissions for address book/photos/etc… any applications running that require 
those permissions will automatically forcequit.

---

QUESTION: What this certificate is used for ?
TODO: We should check to see if this certificate is used for TLS Validation? 
If so that's cool, that it does not rely on third party CA.
const char *pEntrustCert=^M
"-----BEGIN CERTIFICATE-----\r\n"^M
"MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\r\n"^M
"VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\r\n"^M
"ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\r\n"^M
"KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\r\n"^M
"ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\r\n"^M
"MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\r\n"^M
"ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\r\n"^M
"b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\r\n"^M
"bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\r\n"^M
"U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\r\n"^M
"A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\r\n"^M
"I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\r\n"^M
"wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\r\n"^M
"AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\r\n"^M
"oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\r\n"^M
"BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\r\n"^M
"dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\r\n"^M
"MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\r\n"^M
"b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\r\n"^M
"dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\r\n"^M
"MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\r\n"^M
"E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\r\n"^M
"MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\r\n"^M
"hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\r\n"^M
"95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\r\n"^M
"2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\r\n"^M
"-----END CERTIFICATE-----\r\n"^M

---

* A Backup of the Pad content has been put read-only online (with some
comments and further analysis to be done)
  * http://pastebit.com/pasties/store/12001/silentcircle.html 
  * http://pastebin.com/dKRPrGMN

* SilentCircle source code has been temporarily removed from Github:
https://github.com/SilentCircle/silent-phone-base

* Nadim opened a ticket to ask about the code back:
https://github.com/SilentCircle/silent-phone-base/issues/1 

* A new (different) version of the code has been uploaded online:
https://github.com/SilentCircle/silent-phone-base

* Someone in the meantime put the original code back online (as a zip
archive):http://jednorog.sneakyness.com/1U060B2S3I1P

* A diff between the "original SC open source release"  and the "modified
SC open source release" reveal some code difference
 * Output of git diff "original/silent-phone-base new/silent-phone-base/ 
sc. patch" is available at

http://codepad.org/eQkexG2R