Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Making Android NSA-Proof

As it turns out, it’s quite easy to make your Android phone NSA-proof. It’s a simple method, and anyone can do it – all you need is a few ounces of thermite!

Too extreme?

Tools & Tips

Let’s shoot for something a little more attainable – spy resistant. We can’t stop every attack, but we can reduce the attack surface a bit. Here are a few tools that I’ve been using recently to do just that.

Boxcryptor Classic – Like many people, I use Dropbox for certain low-sensitivity files. But what about things that require a little more care? Boxcryptor Classic encrypts files and then stores the encrypted copy in Dropbox. It’s simple, the security seems sound, and the free edition is quite adequate. It may not be perfect, but it suits my needs nicely.

TextSecure – It’s open-source, it’s free, and it’s from Moxie – what’s not to love? It stores all of your SMS & MMS data encrypted, and can encrypt the data over the air when texting another TextSecure user.

Currently it uses the SMS/MMS service for messaging, and is Android only; both of those things are changing soon. It’ll be using the data channel and supporting iOS in the near future.

Kaiten Mail & APG – Kaiten is a low-cost ($4.99) mail client; though if you want to go cheaper, its open-source cousin K-9 Mail is free. They are developed by the same core team, though Kaiten seems to get the new features first, and then they are ported into K-9. I like supporting OSS developers, so I happily went with the paid version. It works great with my Google Apps email account, though it does take some getting used to.

Where it really comes in handy, though, is when you use it with APG, the Android Privacy Guard. It’s a simple, minimalistic OpenPGP tool that integrates nicely with Kaiten and K-9. It makes it simple to support encrypted or signed mail on your phone.

This does, though, require that your private key be on the device, so keep that risk in mind.

APG is a bit dated, and hasn’t been updated since 2010. So, it’s clearly been abandoned. Thankfully though, Dominik Schürmann has forked the project and is working on a major update (new GUI, new API, etc.) that should be ready early next year.

VpnCilla – Next up is a highly configurable VPN client ($4.99). Wi-Fi is great – except for that evil part where your traffic is so simple to monitor, and with recent work on femtocell systems, even 3G/4G connections can’t be fully trusted. Having a VPN handy is a must.

You’ll also need a good VPN service; my current pick is zipline; it’s fast, cheap, and from a trusted professional (Dan Tentler).

RedPhone – Another tool from Moxie, RedPhone secures your voice communications via encrypted VoIP. Or at least so I’ve read – I never actually make voice calls on my personal phone anymore.

Others – There are various other useful things: Google Authenticator (2FA all the things, right?), ConnectBot to SSH into your server to do anything you don’t want to do from your phone, and wifitrack & Wifi Analyzer to better understand what’s in your area.

Configuration

There is, of course, obvious configuration to make things a bit safer. Make sure you have a good password, or at least a long PIN set – don’t trust patterns, and don’t bother with a 4 digit PIN.

USB debugging must be turned off – otherwise there’s no point in locking your phone. Some other settings help, but not enough – one big one is Android’s full disk encryption.

If you only have a short numeric PIN, the FDE is little better than a wet paper bag.
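To put numbers on that, here is an added example (not from the original post) that times a password-based key derivation on the local machine and estimates how long it would take to try every possible unlock secret under a few policies. The KDF settings (PBKDF2-HMAC-SHA1, 2000 iterations) and the policy list are illustrative assumptions, not values taken from the post.

```python
import hashlib
import os
import time

# Assumed, illustrative KDF settings; the post does not state Android's.
KDF_HASH, KDF_ITERATIONS, KEY_LEN = "sha1", 2000, 32

# Constructed unlock-secret policies: (label, alphabet size, length).
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("8-digit PIN", 10, 8),
    ("10-char lowercase+digits password", 36, 10),
    ("6-word passphrase (7776-word list)", 7776, 6),
]

def derive_key(secret: str, salt: bytes) -> bytes:
    """Stretch the unlock secret into the key that wraps the disk key."""
    return hashlib.pbkdf2_hmac(KDF_HASH, secret.encode(), salt,
                               KDF_ITERATIONS, KEY_LEN)

def measure_rate(samples: int = 50) -> float:
    """Key derivations per second on this machine (one CPU core)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(str(i), salt)
    return samples / (time.perf_counter() - start)

def keyspace(alphabet_size: int, length: int) -> int:
    return alphabet_size ** length

def seconds_to_exhaust(space: int, rate: float) -> float:
    """Worst case: one derivation for every candidate secret."""
    return space / rate

def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report(rate: float):
    """(label, candidates, worst-case seconds) for each policy."""
    return [(name, keyspace(a, n), seconds_to_exhaust(keyspace(a, n), rate))
            for name, a, n in POLICIES]

if __name__ == "__main__":
    rate = measure_rate()
    print(f"{rate:.0f} derivations/second on one core")
    for name, space, secs in report(rate):
        print(f"{name:36} {space:.2e} candidates  {humanize(secs)}")
```

Dedicated hardware runs far faster than a single CPU core, so the printed times are an upper bound on how long each policy holds up.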

Weak Spots

It’s not all great, though; there are still weaknesses – plenty, in fact. Thanks to USB MUXing, there is probably a debug interface – and maybe even a full shell – on your phone, and you have no way of turning it off. There may be flaws in the baseband or other software that could allow an attacker to gain control.

The list goes on and on. And that’s without counting the fact that your phone company hands over all of your call records, or the various apps you need that don’t have a secure replacement.

There is no such thing as an NSA-proof phone – unless you literally melt it. What we can do, though, is make it harder to be spied on; make the attackers work for every bit of data. Give nothing away for free.
