
      Samsung Encryption Flaw

      Bruce Schneier · news.movim.eu / Schneier · Wednesday, 2 March, 2022 - 20:45 · 1 minute

    Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones.

    From the abstract:

    In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

    Here are the details:

    As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA. In v15 and v20-s9 blobs, the salt is a deterministic function that depends only on the application ID and application data (and constant strings), which the Normal World client fully controls. This means that for a given application, all key blobs will be encrypted using the same key. As the blobs are encrypted in AES-GCM mode-of-operation, the security of the resulting encryption scheme depends on its IV values never being reused.

    Gadzooks. That’s a really embarrassing mistake. GCM needs a new nonce for every encryption. Samsung took a secure cipher mode and implemented it insecurely.
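    As an added illustration, not code from the paper or from Samsung's Keymaster, the Go program below reproduces the failure mode with the standard library's AES-GCM: a wrapping key derived only from caller-controlled inputs, used to wrap two blobs under the same IV, leaks the XOR of the two blobs, while FreshIVWrap shows the correct form with a random 96-bit IV per wrap. The derivation, label string and blob contents are constructed stand-ins, not Samsung's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// deriveWrappingKey is a constructed stand-in for a key derived only from Normal-World inputs: same appID+appData, same key.
func deriveWrappingKey(appID, appData []byte) []byte {
	sum := sha256.Sum256(append(append([]byte("constructed-label|"), appID...), appData...))
	return sum[:] // 32 bytes, used as an AES-256 key
}

// wrapBlob encrypts a key blob with AES-GCM under key, using the caller's 12-byte IV.
func wrapBlob(key, iv, blob []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-16-byte block sizes; AES is fine
	return gcm.Seal(nil, iv, blob, nil) // ciphertext || 16-byte tag
}

// xorBytes returns a XOR b; both inputs must have the same length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// LeakedXOR wraps two equal-length blobs for one app under the same IV and returns
// the XOR of the ciphertexts: the CTR keystream repeats, so it equals P1 XOR P2.
func LeakedXOR(appID, appData, iv, p1, p2 []byte) []byte {
	key := deriveWrappingKey(appID, appData)
	x := xorBytes(wrapBlob(key, iv, p1), wrapBlob(key, iv, p2))
	return x[:len(x)-16] // drop the (also XORed) authentication tags
}

// FreshIVWrap is the safe form: a fresh random 96-bit IV per wrap, stored with the blob.
func FreshIVWrap(key, blob []byte) (iv, ct []byte) {
	iv = make([]byte, 12)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv, wrapBlob(key, iv, blob)
}
```

    A regression test for a key-wrapping implementation follows directly: wrap the same blob twice and require that the IVs, and therefore the ciphertexts, differ.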

    News article.


      Movim 0.20 - Skiff

      Timothée Jaussoin · pubsub.movim.eu / Movim · Saturday, 19 February, 2022 - 10:25 · 3 minutes

    I used to #release a new version of #Movim twice a year. Skiff is an exception. One year of work was required to release the 20th major version of the project.

    The main reason is the amount of work and adjustments required to integrate the main feature of this release: support for end-to-end #encryption through the implementation of OMEMO.

    So let's dive into all the new exciting features that you will discover in this major release.


    The technical part was already extensively covered by the dedicated article "End to end encryption in Movim - OMEMO is (finally) there!".

    The user experience and flow are not very different from other XMPP clients: if Movim detects that you can start an encrypted conversation with a contact, a small lock icon is displayed next to the chatbox. You can always toggle it back to have a non-encrypted discussion.

    The new redesigned chatbox

    It is also possible to see all the encryption fingerprints in the Contact drawer under the dedicated "Fingerprints" tab. You can also enable and disable encryption for each fingerprint manually there. Movim displays the last message sent or received and the client linked to the fingerprint to help you with your configuration. But rest assured, those settings are only for those who want to configure their encryption levels in detail.

    OMEMO Fingerprints

    End-to-end encryption is also available for group chats; the flow is exactly the same as for single contacts.

    There is some chance that you will encounter encryption issues in some cases: even after a lot of debugging and refactoring, end-to-end encryption is a really complex beast that is difficult to handle. Feel free to open a ticket with all the details needed to reproduce the issue if you encounter one.

    I'd like to thank NLNet again for their help with this project! With the funding I was able to free up time to finally integrate end-to-end encryption in Movim.

    NLNet Logo


    A few changes were made regarding the posts and their integration within Movim.

    The post publication form was slightly redesigned and now allows several images, files or links to be attached. Linked to that change, post cards were also redesigned with a more compact design.

    Multiple attached pictures

    The public Communities and Blog pages now have the same two-column design as their private version. The displayed Communities and Contacts information is also now more compact.

    Two column design for the public pages

    The tags were redesigned and are now more clearly visible and navigable.

    New design for the tags


    The contacts and chatrooms drawers were redesigned and now include some really useful information. Pictures and links sent in conversations are now quickly available in dedicated tabs.

    Redesigned chat drawer

    Chat bubbles are now properly displaying quotes and support message styling.

    Chat bubble with styling

    A big refactoring was also done regarding how edited messages are handled in Movim. This refactoring made it possible to edit messages in Group Chats and to apply several edits to a single message (something that used to cause a weird message duplication bug).


    Chatrooms administrators can now manage affiliations and ban/unban users.

    Changing affiliation for a user

    You can now prioritize your most important chatrooms on top of the list with the pin feature.

    Pinned chatrooms

    ...and many other things

    The old Movim API code was fully removed. It had been left untouched for years and not really used nor up-to-date anymore.

    When you are in a chat conversation, the other chats counter is displayed on the back button.

    The internal picture library was rewritten and simplified; it now supports transparent avatars. All pictures are now compressed to WebP by default.

    Admins can now fully disable the registration feature. It is quite useful if you have a dedicated Movim setup and a specific separated flow to register your users (using an internal LDAP in a company or school for example).

    Plenty of new emojis were integrated with the support of Unicode 13.0.

    Movim is now a Progressive Web App

    Movim used to have some "native" apps, on desktop and Android. All those apps are now deprecated and replaced by the work that was done to make Movim a full Progressive Web App. From any browser you can now install Movim as an app on your phone or desktop in a single click.


    Lots of other small improvements and features were integrated in this release but are not listed here; it's time for you to discover them. Enjoy this new version!

    That's all folks!


      WhatsApp “end-to-end encrypted” messages aren’t that private after all

      Jim Salter · news.movim.eu / ArsTechnica · Wednesday, 8 September, 2021 - 21:33

    WhatsApp logo. The security of Facebook's popular messaging app leaves several rather important devils in its details. (credit: WhatsApp)

    Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers "end-to-end encryption," which most users interpret as meaning that Facebook, WhatsApp's owner since 2014, can neither read messages itself nor forward them to law enforcement.

    This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper."

    End-to-end encryption—but what’s an “end”?

    This snippet from WhatsApp's security and privacy page seems easy to misinterpret. (credit: Jim Salter)

    The loophole in WhatsApp's end-to-end encryption is simple: the recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.



      Avoid Windscribe VPN (Toronto-based)

      Mathias Poujol-Rost ✅ · Tuesday, 27 July, 2021 - 16:20

    Via https://nitter.fdn.fr/dangoodin001/status/1419799335206752260



      Year of the OX: OpenPGP for XMPP

      pubsub.movim.eu / berlin-xmpp-meetup · Monday, 1 February, 2021 - 02:02

    February 2021, this month, marks the start of the Year of the Ox. At the Berlin XMPP meetup, we will celebrate the new year with an introductory talk about "XEP-0373: OpenPGP for XMPP" and "XEP-0374: OpenPGP for XMPP Instant Messaging" and a panel of experts:

    • DebXWoody (implementor of OX in Profanity)
    • defanor (implementor of OX in rexmpp)
    • Florian (co-author of the OX standards)
    • lovetox (implementor of OX for Gajim)
    • Paul (implementor of OX in Smack)

    When? Wednesday, 2021-02-10 18:00 CET (always 2ⁿᵈ Wednesday of every month)

    Where? Online, via our MUC (xmpp:berlin-meetup@conference.conversations.im?join). A Jitsi video conference will be announced there.

    See you then!

    #yearoftheox #openpgp #xmpp #ox #jabber #encryption #e2ee #privacy #omemo #🐂️ #berlin #meetup #community #profanity #rexmpp #gajim #smack


      WhatsApp users must share their data with Facebook or stop using the app

      Dan Goodin · news.movim.eu / ArsTechnica · Wednesday, 6 January, 2021 - 20:29

    Photo illustration of a WhatsApp logo on a display (credit: Getty Images)

    WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

    The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.


    Share and share alike

    Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.



      Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back

      Dan Goodin · news.movim.eu / ArsTechnica · Saturday, 19 December, 2020 - 15:45

    Surveillance camera peering into laptop computer (credit: Thomas Jackson | Stone | Getty Images)

    Google, Mozilla, Apple, and Microsoft said they’re joining forces to stop Kazakhstan’s government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.

    All four of the companies’ browsers recently received updates that block a root certificate the government has been requiring some citizens to install. The self-signed certificate caused traffic sent to and from select websites to be encrypted with a key controlled by the government. Under industry standards, HTTPS keys are supposed to be private and under the control only of the site operator.

    A thread on Mozilla’s bug-reporting site first reported the certificate in use on December 6. The Censored Planet website later reported that the certificate worked against dozens of Web services that mostly belonged to Google, Facebook, and Twitter. Censored Planet identified the sites affected as:
