In December 2020, Cellebrite published a blog article discussing how they “broke” Signal. While the article has since been heavily edited, a copy of the original is still available from the Wayback Machine.
In their article, Cellebrite made the assumption that a user’s phone was unlocked and that the attacker could access values stored in the device’s secure storage. With these assumptions in place, Cellebrite claimed that they could access the user’s messages stored on the device. In terms of physical security, this is equivalent to saying that, if a thief had a copy of the front door key and the code to the alarm system, they could break in and steal the TV. While this may happen, it isn’t the type of attack that your home security system - or a secure messaging application - is designed to prevent.
How Ciphr Works to Minimize Users’ Risk
The balance between security and usability is a challenging one for security-focused communications apps like Signal or Ciphr. With high security software, the user is still responsible for some aspects of security (such as using a strong password for the device and app). Ciphr enforces password rules and recommendations for a strong application password.
That being said, apps like Signal and Ciphr work hard to make their users as secure as possible. Ciphr includes a number of features designed to help protect the confidentiality of its users’ communications.
Argon2 Key Derivation
Password guessing attacks are always a threat to users’ security. If someone can figure out your password, it becomes much more difficult to differentiate between a legitimate user and an attacker.
Key derivation functions (KDF) try to minimize the risk of these attacks by making password guessing attacks as slow and inefficient as possible. Ciphr uses the Argon2 KDF, which is designed to provide protect against specialized hardware like GPUs and ASICs commonly used for password cracking attacks. To learn more about Argon2 and the benefits that it provides, check out this blog.
Ciphr offers the user a choice when configuring Argon2 in their app. Argon’s protections are based on using a high number of iterations and memory in deriving a key from a password. If you’re willing to wait a little longer to open your app (and use a strong password), then Argon2 can make your password exponentially more difficult to break. However, if you turn these settings down - making the app load faster - you are prioritizing speed of use with a slight sacrifice to security. However, the use of Argon2 means that Ciphr will still be more secure than apps that don’t use it.
Many of Cellebrite’s attacks are focused on extracting secret keys from on-device memory. This memory is typically only accessible from inside a particular app, but if the attacker can gain access to an unlocked device and app or guess the appropriate passwords, then this can provide access to encrypted data stored on the device.
Ciphr includes an option – that the user can choose to enable – to use a composite key to provide additional protection against this type of attack. The user’s password is used to derive a secret value that enables the actual decryption key to be downloaded from Ciphr’s servers. Without the user’s password, no-one – not even Ciphr – knows which of the encrypted passwords stored on its servers belongs to a particular user. This means that an attacker needs to be connected to the Internet and have access to the mobile device's storage when trying to guess a user’s password.
Additionally, the values used to find and download keys stored on Ciphr's server are regularly refreshed. This means that an attacker would regularly need to start over when trying to crack a user’s password. Combined with Argon2’s resistance to password guessing, this makes it much more difficult to successfully guess a Ciphr user’s password.
Using Ciphr Securely
Ciphr makes a serious effort to protect a user’s data against disclosure. It’s important that a user takes the security they can control seriously too in order to avoid it being undermined. If a user’s Ciphr password is written down somewhere in a way that an attacker could potentially access it, then the user is making life that much simpler for an attacker.
Secure messaging apps like Ciphr provide users with options to improve their data privacy and security. However, the decision of whether or not to use these options lies with the user. Choosing to disable or weaken these protections may provide usability benefits but weakens data security.