Viewing a single comment thread. View all comments

kore wrote

i am still extremely skeptical that the five eyes can break e2ee.

3

celebratedrecluse wrote

anyone can break encryption which is computed on devices with backdoors

most people in the world use android, specifically the most out-of-date and unmaintained versions of android. Everything from the processor, peripheral firmwares, OS, root applications, user applications, it's all totally fuck

2

kore wrote

do you have specific references where i can learn about this? in terms of mobile phones, who knows what goes on in the baseband but i would love to see proof of concept attacks based on the ways you mentioned

3

celebratedrecluse wrote (edited )

https://web.archive.org/web/20200411222306/https://securityaffairs.co/wordpress/101094/malware/android-apps-hidden-backdoors.html

https://blogs.fsfe.org/larma/2017/signal-backdoors/

https://www.reddit.com/r/privacy/comments/3srhxh/signal_on_android_google_play_services/

https://www.makeuseof.com/tag/7-free-google-services-that-cost-you-battery-life-privacy-android/

https://www.huffpost.com/entry/why-googles-spying-on-use_b_3530296

https://securitywithoutborders.org/blog/2019/03/29/exodus.html

https://www.schneier.com/blog/archives/2019/06/backdoor_built_.html

https://www.bleepingcomputer.com/news/security/second-chinese-firm-in-a-week-found-hiding-backdoor-in-firmware-of-android-devices/

https://www.bloomberg.com/news/articles/2013-07-03/security-enhanced-android-nsa-edition (this is hypothetical, but if USA intelligence provides code with unknown backdoors they have developed, even open sourcing the code would not necessarily expose the vulnerabilities as the tools to break into devices may be uniquely developed by the NS agency. This was also right around the Snowden leaks time)

https://www.theverge.com/2013/6/6/4403868/nsa-fbi-mine-data-apple-google-facebook-microsoft-others-prism

https://proclivitiesprinciplewisdom.wordpress.com/2019/05/24/global-surveillance-infrastructure-used-by-fbi-cia-and-nsa/

Google Play Services alone basically fucks up any possible security on the vast majority of Android devices. Don't use android.

https://gs.statcounter.com/android-version-market-share/mobile-tablet/worldwide

As far as old versions, phones are locked to certain versions of android in order to motivate people to buy the new ones. There are old phones out there still running android 4 and 5, although most are between 6 and 9. This means a substantial portion of android phones do not have any mac randomization, for instance. As far as security maintenance, that stops after 2-3 years tops, and is dependent on both Google and the manufacturer collaborating to maintain the devices. Therefore only Pixel phones of recent purchase are "secure", which entails of course handing over even more of your digital information and private life to a single USA company (Google)

https://www.tomsguide.com/us/old-phones-unsafe,news-24846.html

2

kore wrote

thank you very much, i will check these out!

1

anarchyinbedrock1990 OP wrote

Isn't most e2ee based on government/military encryption code? Like 256 authentication or whatever it is.

2

kore wrote (edited )

key exchange is moving toward diffie hellman elliptic. aes256 is still popular for symmetric but so is blowfish. cryptographers have analyzed aes256 endlessly and no one has shown a practical attack

2