CyanogenMod introduces built-in SMS encryption
Posted on 10 December 2013.
CyanogenMod developers have announced the fruit of several months of labor headed by Open Whisper Systems' Moxie Marlinspike: a seamless implementation of TextSecure, the latter firm's well-known and trusted SMS encryption solution.

CyanogenMod is one of the most popular modified and open source Android firmware on the market - its user base has surpassed the ten million mark and keeps growing.

"Weve modified the Cyanogen SMS/MMS provider to speak the TextSecure protocol. If an outgoing SMS message is addressed to another CyanogenMod or TextSecure user, it will be transparently encrypted and sent over the data channel as a push message to the receiving device. That device will then decrypt the message and deliver it to the system as a normal incoming SMS," Marlinspike explained in a blog post.

"The result is a system where a CyanogenMod user can choose to use any SMS app theyd like, and their communication with other CyanogenMod or TextSecure users will be transparently encrypted end-to-end over the data channel without requiring them to modify their work flow at all."

In the event that one of the parties does not use CyanogenMod or TextSecure, the implementation simply and silently falls back to sending a normal, unencrypted SMS message.

For the more technical-minded, he offered details on the protocols and cryptographic primitives used, as well as on the integration between servers. CyanogenMod developers also pointed out that the source for this code will be made public, and have invited knowledgeable users to audit it.

"Cyanogen deserves enormous praise for their substantial commitment of time and resources to this development effort," noted Marlinspike. "Their genuine resolve to protect their users from large-scale dragnet surveillance is truly remarkable in a world where most companies are instead angling to collect as much information about their users as possible."

The in-firmware version of TextSecure will firstly be incorporated in the CyanogenMod 10.2 nightly stream and then, if everything works as it should and the servers can take the load, it will be included in CM 11 and onwards.









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals its our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //