This article is more than 1 year old
Inside Confide, the chat app 'secretly used by Trump aides': OpenPGP, OpenSSL, and more
Security experts skeptical of encrypted messenger's claims
Rumors that President Donald Trump's aides are using an encrypted messaging app called Confide has landed the software firmly in the spotlight – and under the security microscope.
The Washington Post on Monday mentioned that Confide, built by a startup in New York City, is used by some White House staffers to gossip in private. The app was billed by the newspaper as "a secret chat app – that erases messages as soon as they're read." The aides, fearful of being accused of leaking to the press, turned to Confide in an attempt to cover their tracks and stay off the radar.
This is not the first time Confide has appeared in the national news conversation. In 2014, the app was pitched to big biz in the wake of the Sony Pictures network intrusion as a safe means to communicate without being bothered by hackers. What was missing from Confide's pitch, however, was much in the way of details about how the application delivered on its hefty promise of secure auto-destructing end-to-end encrypted messaging.
Given that foreign spies, as well as Uncle Sam's own snoops, will now definitely be all over this thing like a sore rash, The Register asked Confide for more info: how does the encryption work, what is done to thwart eavesdroppers, and so on.
And we were told the software, available for iOS and Android, basically uses the OpenPGP standard to perform public-private cryptography, uses AES for ephemeral per-message encryption, and exchanges public keys between users via TLS connections with certificate pinning.
To us, this sounds like the public keys travel through Confide's servers via HTTPS with certificate pinning to ensure the software really is talking to its backend systems: if so, it means the app maker can, or be forced to, eavesdrop on conversations by substituting users' keys mid-exchange. It does mean, though, that it's tricky for others listening in on networks to intercept and successfully crack messages, in theory.
"Confide uses public/private key cryptography with ECDH for key agreement and per-message AES keys to encrypt the message payloads," Confide cofounder and president Jon Brod told El Reg on Tuesday evening.
"In addition, we use recommended best practices to ensure the security of network connections, such as using TLS 1.2 with certificate pinning to prevent against man-in-the-middle attacks."
Using OpenPGP and TLS cert pinning is not a bad start, although we weren't told the key lengths. The app's methods are better than the questionable home-brew crypto used in some other chat applications. The software appears to use OpenSSL 1.0.2j, which was last patched for security bugs in September 2016 and isn't FIPS 140-2 validated. That should rule it out of government use right off the bat, we're told.
"The encryption appears to operate like most other end-to-end encrypted apps, where public and private keys are generated," said computer forensics expert Jonathan Zdziarski, who studied the Confide app earlier today.
"In the case of Confide, an ephemeral key seems to be in play to encrypt messages themselves with a symmetric cipher. What seems different about this encryption is that it appears to regenerate the public key under certain circumstances. It’s unclear why, but unlike Signal and WhatsApp, which consider it something to alert you about if your public key changes, Confide appears to consider this part of its function.
"Key exchange is always the most difficult part of good encryption routines. Depending on whether or not Confide is able to detect this and warn the user, it’s possible – although not confirmed – that the application could be susceptible to the same types of man-in-the-middle attacks that we’ve seen theorized in WhatsApp (if you leave the alerts off) and iMessage."
Zdziarski continued: "This one’s a tough call ... Ultimately, the application warrants a cryptographic review before I could endorse its use in the White House. If I were the White House’s CIO, I would – other than hate my life – not endorse any third-party mobile application that didn’t rely on FIPS 140-2 accepted cryptographic routines, such as Apple’s common crypto.
"OpenSSL is very clear about not being FIPS validated, and ultimately it would be up to the manufacturers of Confide to have each individual version of their software validated under FIPS. Nonetheless, as difficult as the FIPS validation process is, should the application not have been validated, it has no place in government, in my opinion.
"The app at least attempts to do what it says it does, and I don’t see any obviously gaping holes. That doesn’t mean it's perfect, and obviously has at least a few disagreeable functions – such as retaining undelivered messages. On the whole, it may be fine for personal conversation, but I would recommend a more proven technology, such as Signal, if I were to have my pick of the litter."
There are red flags surrounding the software: it claims it has "military grade encryption" which is typically used to hype up products that overpromise and underdeliver; it seems to have no cryptographers on the development team; and the source code is not publicly available for anyone to audit.
Alan Woodward, a cryptography expert and professor at the University of Surrey in the UK, was quoted earlier today as saying Confide is "a triumph of marketing over substance ... I don’t like crypto written by those who are general developers without advice from those skilled in the subject. It’s a sure way to introduce a weakness into the protocol regardless of what encryption might be used."
Kenn White, a security researcher and OpenSSL auditor, simply described the messenger app as: "Awful." Meanwhile, the Android version of the program has been installed 100,000 to 500,000 times, according to the Google Play store, and has a four-star rating from users.
A spokesperson for the White House was not available to comment on the rumors of Confide's use by administration staffers. ®