Wait, what? Did they really just include this sentence in their abstract:

"we devise a technique able to decrypt them when the secret passphrase, chosen by the user as the initial step of the encryption process, is known."

Am I wrong in reading this as: "we can unlock chatsecure when we know the password"

.hc

Chris Ballinger:
> This looks like a silly report, and would apply to any other app using
> SQLCipher in a long running process, and in this case it's required to
> receive messages in the background. From a quick read it looks like the
> same passphrase is stored twice in memory for both the media and message
> store which helps their recovery process, but once you have physical access
> to a decrypted device in USB debugger mode there's all sorts of other ways
> you can recover it.
>
>> we devise
>> a technique able to decrypt them when the secret passphrase, chosen by
>> the user as the initial step of the encryption process, is known.
>
> It's pretty obvious how you'd decrypt a SQLCipher database when the
> passphrase is known.
>
>> Furthermore, we show how this passphrase can be identified and extracted
>> from the volatile memory of the device, where it persists for the entire
>> execution of ChatSecure after having been entered by the user, thus
>> allowing one to carry out decryption even if the passphrase is not
>> revealed by the user.
>
> This is how encrypted databases work and there's not really a way around
> it. You can encrypt the key in memory, but then you gotta keep the key for
> the key somewhere else in memory. Even on iOS where you can store keys in
> the device keychain, when the database is active the key needs to be in
> memory somewhere.
>
>> Finally, we discuss how to analyze and correlate the data stored in the
>> databases used by ChatSecure to identify the IM accounts used by the
>> user and his/her buddies to communicate, as well as to reconstruct the
>> chronology and contents of the messages and files that have been
>> exchanged among them.
>
> It's pretty easy to dump SQL tables..
>
> On Wed, Oct 26, 2016 at 10:23 AM, Nathan of Guardian <[email protected]> wrote:
>
>> A great publication that really looks into detail on how we use
>> SQLCipher, IOCipher and CacheWord in ChatSecure Android, and many other
>> apps.
>>
>> Any thoughts on possible improvements to key management, data
>> reducation, etc, would be great to hear.
>>
>> ***
>>
>> Tweet: https://twitter.com/arxiv_org/status/790671148002398208
>>
>> and publication:
>> https://arxiv.org/abs/1610.06721
>>
>> Forensic Analysis of the ChatSecure Instant Messaging Application on
>> Android Smartphones
>>
>> Cosimo Anglano, Massimo Canonico, Marco Guazzone
>> (Submitted on 21 Oct 2016)
>> We present the forensic analysis of the artifacts generated on Android
>> smartphones by ChatSecure, a secure Instant Messaging application that
>> provides strong encryption for transmitted and locally-stored data to
>> ensure the privacy of its users.
>> We show that ChatSecure stores local copies of both exchanged messages
>> and files into two distinct, AES-256 encrypted databases, and we devise
>> a technique able to decrypt them when the secret passphrase, chosen by
>> the user as the initial step of the encryption process, is known.
>> Furthermore, we show how this passphrase can be identified and extracted
>> from the volatile memory of the device, where it persists for the entire
>> execution of ChatSecure after having been entered by the user, thus
>> allowing one to carry out decryption even if the passphrase is not
>> revealed by the user.
>> Finally, we discuss how to analyze and correlate the data stored in the
>> databases used by ChatSecure to identify the IM accounts used by the
>> user and his/her buddies to communicate, as well as to reconstruct the
>> chronology and contents of the messages and files that have been
>> exchanged among them.
>> For our study we devise and use an experimental methodology, based on
>> the use of emulated devices, that provides a very high degree of
>> reproducibility of the results, and we validate the results it yields
>> against those obtained from real smartphones.
>>
>> --
>> Nathan of Guardian
>> [email protected]
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email: [email protected]

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
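
Added example, not part of the thread and not ChatSecure's own code: a C sketch of what the reply quoted above leaves room for, namely keeping one shared copy of the passphrase for both stores instead of two, and wiping it once the last store closes. `key_holder` and the `holder_*` functions are hypothetical names; the key still stays in memory while any store is open, as that reply says.

```c
#include <stddef.h>
#include <string.h>

#define KEY_MAX 64

/* Hypothetical holder: one resident copy of the passphrase, shared by the
 * message store and the media store instead of one copy per store. */
struct key_holder {
    unsigned char key[KEY_MAX];
    size_t len;
    int users;                     /* open stores currently using the key */
};

/* Wipe through a volatile pointer so the compiler cannot elide the writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Move the passphrase into the holder and wipe the caller's buffer.
 * Returns 0 on success, -1 if the length is invalid or a key is in use. */
int holder_unlock(struct key_holder *h, unsigned char *pass, size_t len) {
    int ok = len > 0 && len <= KEY_MAX && h->users == 0;
    if (ok) { secure_wipe(h->key, KEY_MAX); memcpy(h->key, pass, len); h->len = len; }
    secure_wipe(pass, len);
    return ok ? 0 : -1;
}

/* A store borrows the shared copy; NULL means the holder is locked. */
const unsigned char *holder_acquire(struct key_holder *h) {
    if (h->len == 0) return NULL;
    h->users++;
    return h->key;
}

/* The key must stay resident while any store is open; it is wiped when the
 * last one closes. Returns the number of stores still open. */
int holder_release(struct key_holder *h) {
    if (h->users > 0 && --h->users == 0) {
        secure_wipe(h->key, sizeof h->key);
        h->len = 0;
    }
    return h->users;
}

/* Returns 1 when no key byte remains in the holder. */
int holder_is_wiped(const struct key_holder *h) {
    for (size_t i = 0; i < sizeof h->key; i++)
        if (h->key[i]) return 0;
    return h->len == 0;
}
```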
