CyanogenMod introduces built-in SMS encryption
Posted on 10 December 2013.
CyanogenMod developers have announced the fruit of several months of labor headed by Open Whisper Systems' Moxie Marlinspike: a seamless implementation of TextSecure, the latter firm's well-known and trusted SMS encryption solution.

CyanogenMod is one of the most popular modified and open source Android firmware on the market - its user base has surpassed the ten million mark and keeps growing.

"We’ve modified the Cyanogen SMS/MMS provider to speak the TextSecure protocol. If an outgoing SMS message is addressed to another CyanogenMod or TextSecure user, it will be transparently encrypted and sent over the data channel as a push message to the receiving device. That device will then decrypt the message and deliver it to the system as a normal incoming SMS," Marlinspike explained in a blog post.

"The result is a system where a CyanogenMod user can choose to use any SMS app they’d like, and their communication with other CyanogenMod or TextSecure users will be transparently encrypted end-to-end over the data channel without requiring them to modify their work flow at all."

In the event that one of the parties does not use CyanogenMod or TextSecure, the implementation simply and silently falls back to sending a normal, unencrypted SMS message.

For the more technical-minded, he offered details on the protocols and cryptographic primitives used, as well as on the integration between servers. CyanogenMod developers also pointed out that the source for this code will be made public, and have invited knowledgeable users to audit it.

"Cyanogen deserves enormous praise for their substantial commitment of time and resources to this development effort," noted Marlinspike. "Their genuine resolve to protect their users from large-scale dragnet surveillance is truly remarkable in a world where most companies are instead angling to collect as much information about their users as possible."

The in-firmware version of TextSecure will firstly be incorporated in the CyanogenMod 10.2 nightly stream and then, if everything works as it should and the servers can take the load, it will be included in CM 11 and onwards.









Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //