Weakness allowed cops to monitor encrypted messages for some time.
Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden. Update: Through a representative at the American Civil Liberties Union, Snowden said he had never heard of the app until recently and has never endorsed it.
In a statement published Tuesday, Dutch police said officers achieved a “breakthrough in the interception and decryption of encrypted communication” in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.
“Criminals thought they could safely communicate with so-called crypto phones which used the application IronChat,” Tuesday’s statement said. “Police experts in the east of the Netherlands have succeeded in gaining access to this communication. As a result, the police have been able to watch live the communication between criminals for some time.”
Blackbox-security.com, the site selling IronChat and IronPhone, quoted Snowden as saying: “I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation,” according to Web archives. In an email sent after this post went live, Ben Wizner, director for the ACLU’s Speech, Privacy & Technology Project, wrote: “Edward informs me that he has never heard of, and certainly never endorsed, this app.”
When end-to-end isn’t
Police said their operation started after they received word a man in the eastern municipality of Lingewaard sold crypto phones to criminals. Since then, police have been able to read 258,000 messages that have provided important information. A 46-year-old man who owned the crypto phone service and a 52-year old partner have been arrested on charges related to money laundering and participation in a criminal organization.
The information provided in the intercepted messages has allowed police to close down a drug lab in Enschede and confiscate automatic weapons, large quantities of MDMA and cocaine, and 90,000 euros in cash. Police said they also learned of a forthcoming retaliation planned by a suspect.
This isn’t the first time Dutch law enforcement has broken encryption used by organized crime rings. In 2016, according to Motherboard, police in the Netherlands arrested a man accused of selling custom PGP smartphones after confiscating servers that sent encrypted messages.
Tuesday’s statement didn’t say how investigators were able to decrypt the IronChat communications. While police said they were able to discover the server used to send the encrypted messages and eventually take it offline, that alone shouldn’t be enough to read communications that are truly end-to-end encrypted.
The Signal app, for instance, encrypts messages using the recipient’s public key before it leaves the sender’s device. As a result, messages that pass through Signal’s central servers can be decrypted only by the recipients’ private key, which is stored only on the recipients’ individual devices. In the event law enforcement took control of the server, they would be unable to read the content of messages without substantially updating the Signal app and waiting for targets to install the update. Even then, they would be able to read only messages sent after the update was installed. Earlier messages would remain unreadable.
Frank Groenewegen, a researcher with Dutch security firm Fox-IT, speculated there was an error in the IronChat system that allowed police to break the encryption.
“In my opinion, that is the most likely option,” he told The Telegraaf. “If encryption is properly applied, nobody can do anything to make a message visible, but it sometimes depends on a comma that is wrong somewhere. Then you can put 15 locks on a safe door, but if the hinges come loose and the door falls out, you will enter.”
An article published by Dutch public broadcaster NOS said a version of the IronChat app it investigated suffered a variety of potentially serious weaknesses. Key among them: warning messages that notified users when their contacts’ encryption keys had changed were easy to overlook because they were provided in a font much smaller than the rest of the conversation. While crypto keys often change for legitimate reasons, such as when someone obtains a new phone, a new key might also be a sign a third party is trying to intercept the communications by encrypting them with a key it controls.
“Whether the police have indeed proceeded in this way is not known,” NOS reporter Joost Schellevis wrote. “However, a police spokesman confirmed on Tuesday evening that the server that was used to exchange messages was hacked. How exactly that happened is unknown.”
The IronChat app, Schellevis reported, also failed to automatically check if the server it used to exchange messages with other users was the correct one. A panic-button feature, which was supposed to let users instantly delete messages, was also practically useless, the article said, citing a tweet from privacy researcher Floor Terra.
This article was first posted on Artstechnica.com