Superfish, Lenovo, Gemalto Show Need For Defense In Depth, End-To-End Security – And More
Last week, two significant events further demonstrated the necessity for defense in depth and for end-to-end encryption. It was revealed that surveillance agencies had broken into the mobile network and stolen all cryptokeys, and that the computer maker Lenovo was wiretapping all secure communications of its users in order to insert advertising into it. These are two deep betrayals that force us to re-think what level of security is good enough.
The NSA/GCHQ theft of cryptographic keys – likely billions of them – certainly constitutes a crime when done by any other person or agency. But when done by surveillance agencies, it forces us to re-evaluate what is wiretapped and what is not. In this case, it becomes clear that any phonecall over a cellphone is decrypted and wiretapped, and that the surveillance agencies have ensured that they have access to multiple methods to achieve this.
Don’t say anything on an ordinary phonecall that you don’t want to be public. In this case, we turn to end-to-end encryption, where nobody but you and the person you communicate with have the cryptokeys. This principle is crucial: as soon as your communication is decrypted somewhere in the middle – in this case, in the phone network – you no longer have end-to-end encryption. This is a minimum requirement today in order to stay unwiretapped.
The mobile phone apps RedPhone and Signal, from Open Whisper Systems, have been found to be hard to crack by the surveillance agencies. They provide end-to-end encryption for voicecalls and are compatible with each other – Signal for iPhone, RedPhone for the Android ecosystem.
However, as a serious wake-up call, end-to-end encryption was not enough in some cases that appeared last week. The Lenovo computers were compromised from the factory, so the You needed to trust your computer to perform end-to-end encryption for you, but your computer had been subverted by its manufacturer.
This brings us to the second principle: defense in depth.
Defense in depth means that one security solution isn’t good enough. Just like when you dress warm in the winter, you don’t depend on one warm jacket: you need many layers of security. This is because at least one of them will be subverted and compromised. In this case, your very machine’s operating system was compromised, which would normally be a game-over situation – but even such situations can be mitigated, like by running Tails.
As always, privacy remains your own responsibility.
