Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

potential security issues - include warning on first start #9

Open
acidicX opened this issue May 3, 2015 · 7 comments
Open

potential security issues - include warning on first start #9

acidicX opened this issue May 3, 2015 · 7 comments

Comments

@acidicX
Copy link

acidicX commented May 3, 2015

Depending on the threat model, Firefox OS is not securely handling app data, in the way that you can easily read out phone memory when the phone is left alone somewhere. There is no encryption of the device available yet. That means your private key can be stolen easily (or at least more easily than on your desktop PC, because you usually don't take that everywhere you go).

PGP/GPG also offers no perfect forward secrecy by design. This means once the private key is extracted and brute-forced, all previous messages can be read. So maybe it would be a good idea to at least warn the users that Firefox OS does not store the key safely, and that it is extremely risky to leave the private key on the SD card. Users should probably use a separate key for the phone until the internal storage of the phone can be encrypted.

@aronnebrivio
Copy link
Owner

Well, unless you can't debug the app I think keys stored in the app database are secure because all Firefox OS apps works on an own sandbox, isn't it?
Then if you export your keys to a file on the SDcard, the key you saved it's no longer protected obviusly..

@acidicX
Copy link
Author

acidicX commented May 3, 2015

sandbox != encryption
The sandbox should protect the key against other apps - yes. However, I'm not sure if the FxOS sandbox has even been looked at thoroughly by security researchers yet. I would not bet on it.
Anyway, the sandbox will not protect the key from physical attacks. I could easily take your phone, enable dev mode, pull the app data in under a minute while you are distracted. Afterwards, you would not notice that the key has been extracted.

Again, note: as soon as the private key is stolen, all previous PGP communication with that key becomes vulnerable. If that is the attackers whole target, he could also just steal the phone and pull everything from NAND (even if the device is locked/powered off), because the NAND storage is not encrypted. This is also commonly done when the US border guards take your gadgets for 'inspection' at the airport. It is a real scenario. Those risks and attack vectors might be obvious to me, but definitely not to the average user.

tl;dr: private keys are neither protected on the device nor on the SD card (again: might not be obvious to every user), so users should be given a warning first.

@acidicX
Copy link
Author

acidicX commented May 3, 2015

Just an addition: when users import a key from SD card, the app could just ask if it can delete the key on the SD card afterwards. On export, it could give a note to clear it from SD as soon as possible.

@aronnebrivio
Copy link
Owner

First of all thanks for your suggestion on your third post, I think I'll implement the possibility to delete the file in the SDcard once you've imported the key.

Second, let's talk about this "potential security issue". We are talking about stoling a phone, that is illegal and the only solution is to use a PIN on the lockscreen. Obviusly once the device is in the wrong hands it could be cracked, but it's not application specific, I can't protect a user form himself :)

Anyway, if you have a possible solution well, let me know and make a pull request, i would really appreciate it :)

@acidicX
Copy link
Author

acidicX commented May 4, 2015

There is no solution on FxOS until reasonable device encryption is implemented (in gonk/gecko), that is why it would be good to include a warning :) this cannot be fixed on an application level. Hence no pull request. I know this is frustrating, but since you cannot change PGP to include perfect forward secrecy, you should at least let your users know you care about the problem and let the users take the appropriate security measures (e.g. don't take your phone through US customs with the private key on it). If they are not aware of the problem, they cannot do that.

It's not only about stealing the phone. Please read my post again - US border guards extract that very kind of information from devices, and it is legal for them (if you are no US citizen, at least). Also, a lockscreen PIN would not solve that issue (still no encryption of the device!). Also: illegal things do happen :) otherwise there would be no need for security.

And yes, this is a use-case specific problem. A game developer does not need to care about this attack vector (hence no warning there). However, you are providing an application designed for improving security - so you should care. Otherwise, you are giving your users a false sense of security which is a really really bad thing to do and can potentially cause harm to people.

@comzeradd
Copy link

I think that the lack of disk encryption is a security issue that doesn't relate explicitly to pgp keys. If someone steals your phone he would have access to everything (eg. unencrypted emails). So I don't think it's necessary for any security warning inside this app.

The sandbox is indeed not equivalent with encryption, but it offers a layer of security that it's not present to most desktop operating systems. A malicious desktop app that you run with the same user that owns your pgp keys folder can "steal" your keys. That's not possible on Firefox OS.

@acidicX
Copy link
Author

acidicX commented Nov 20, 2015

@comzeradd the use case is different compared to desktop or notebooks. Phones can be stolen or "downloaded" much more easily, and with PGP you have - by design - no perfect forward secrecy.
It is true that a malicious desktop app can steal the keys, but this is an issue the desktop versions of PGP should address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants