Notes on IME
This commit is contained in:
parent
364d934442
commit
8911be6331
|
@ -13,7 +13,9 @@
|
||||||
- [Profile Encryption & Storage](./profile_encryption_and_storage.md)
|
- [Profile Encryption & Storage](./profile_encryption_and_storage.md)
|
||||||
- [Android Service](./android.md)
|
- [Android Service](./android.md)
|
||||||
- [Message Overlays](./overlays.md)
|
- [Message Overlays](./overlays.md)
|
||||||
|
- [Input](./input.md)
|
||||||
- [Cwtch Servers](./server.md)
|
- [Cwtch Servers](./server.md)
|
||||||
|
- [Key Bundles](./key_bundles.md)
|
||||||
- [Development](./development.md)
|
- [Development](./development.md)
|
||||||
- [Deployment](./deployment.md)
|
- [Deployment](./deployment.md)
|
||||||
- [References](./references.md)
|
- [References](./references.md)
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Input
|
||||||
|
|
||||||
|
|
||||||
|
## Risk: Interception of Cwtch content or metadata through an IME on Mobile Devices
|
||||||
|
|
||||||
|
**Status: Unmitigated**
|
||||||
|
|
||||||
|
Any component that has the potential to intercept data between a person, and the Cwtch app is a
|
||||||
|
potential security risk.
|
||||||
|
|
||||||
|
One of the most likely interceptors is a 3rd party IME (Input Method Editor) commonly used
|
||||||
|
by people to generate characters not natively supported by their device.
|
||||||
|
|
||||||
|
Even benign and stock IME apps may unintentionally leak information about the contents of a persons message e.g.
|
||||||
|
through cloud synchronization, cloud translation or personal dictionaries.
|
||||||
|
|
||||||
|
Ultimately, this problem cannot be solved by Cwtch alone, and is a wider risk impacting the entire mobile
|
||||||
|
ecosystem.
|
||||||
|
|
||||||
|
A similar risk exists on desktop through the use of similar input applications (in addition to software keyloggers),
|
||||||
|
however we consider that fully outside the scope of Cwtch risk assessment (in line with other attacks on the security of the underlying
|
||||||
|
operating system itself).
|
|
@ -0,0 +1 @@
|
||||||
|
# Key Bundles
|
|
@ -43,7 +43,28 @@ Another problem is that multiplexing all these overlays into one data store crea
|
||||||
|
|
||||||
None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.
|
None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.
|
||||||
|
|
||||||
## Invitations
|
# Overlay Types
|
||||||
|
|
||||||
|
As stated above, overlays are specified in a very simple JSON format with the following structure:
|
||||||
|
|
||||||
|
type ChatMessage struct {
|
||||||
|
O int `json:"o"`
|
||||||
|
D string `json:"d"`
|
||||||
|
}
|
||||||
|
|
||||||
|
Where O stands for `Overlay` with the current supported overlays documented below:
|
||||||
|
|
||||||
|
1: data is a chat string
|
||||||
|
2: data is a list state/delta
|
||||||
|
3: data is a bulletin state/delta
|
||||||
|
100: contact suggestion; data is a peer onion address
|
||||||
|
101: contact suggestion; data is a group invite string
|
||||||
|
|
||||||
|
## Chat Messages (Overlay 1)
|
||||||
|
|
||||||
|
The most simple over is a chat message which simply contains raw, unprocessed chat message information.
|
||||||
|
|
||||||
|
## Invitations (Overlays 100 and 101)
|
||||||
|
|
||||||
Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).
|
Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,8 @@
|
||||||
|
|
||||||
* Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).
|
* Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).
|
||||||
|
|
||||||
|
* Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).
|
||||||
|
|
||||||
* Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.
|
* Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.
|
||||||
|
|
||||||
* Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).
|
* Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).
|
||||||
|
|
Loading…
Reference in New Issue