Cryptocat now available for iPhone
Posted on 05 March 2014.
Cryptocat, the popular open source application that enables users to chat online easily and securely, is now available for iPhone users (on Apple's App Store), as well.

Cryptocat initially took the form of a web app for Mac OS X and browser extensions for Chrome, Firefox, Safari, and Opera, but last December the team behind it publicly released the source code for Cryptocat for iPhone and Android and invited the security community to review it and help find security bugs.


"Our mission has always been on making encrypted chat fun and easy to use, first and foremost," commented Cryptocat creator Nadim Kobeissi in a blog post announcing Cryptocat for iPhone.

The iPhone version is a native application - it uses iOS' APIs instead of web cryptography.

"Cryptocat for iPhone uses the OTR protocol for private conversations, and our solidly maturing multiparty protocol for group conversations. With our current research into mpOTR, we hope to soon offer an upgraded global standard that brings Cryptocatís encryption system to other platforms as well," Kobeissi added.

The app works smoothly with the computer-based Cryptocat clients, so it's not required that all parties in a conversation use the iPhone app. The functioning and look remained the same.

Kobeissi noted that they welcome feedback from users and has enumerated some future improvements they are working on.

The app release has already been criticized by well-known iPhone forensics expert Jonathan Zdziarski, who claims that Cryptocat's touted user history ephemerality is absent from the app.

"I was really excited to see this app hit the app store, but unfortunately the iOS version does not appear to have been written with privacy/security in mind," he warned in a review of the app.

"The app leaves behind a treasure trove of forensic artifacts that can be lifted from your device if it is ever stolen, hacked, or seized by law enforcement. The most notable of which is that all your past typing is logged into Appleís keyboard cache, so that previous conversations, including word counts, can be extracted from the device. Cryptocat could have prevented this by turning off auto-correct or writing their own."

"The app also intentionally stores the userís private key, room name, nick, buddies, and other identifying information in the configuration file," he added. "This can all be used to identify you, past conference rooms, and other information that could expose you. And sadly, if I could figure this out in just a couple of minutes, Iím sure bad guys/feds/etc. are figuring it out too. This can be recovered forensically from most commercial forensic tools on devices of any model."









Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //