Application integrity insurance #115
Comments
|
Just started using Wire couple days ago and I started light audit of Wire architecture/communications. And I was thinking about the same. Virtually it possible to change code on server side without user notification to... let's say, insecure version and intercept traffic. I'm not really familiar with Electron architecture, if it is possible to use local version instead of web-based. But I don't like to rely on web-version. |
|
We need to get our hands on mobile version |
|
Dear IpsmLoremm, can you please double check this bug report? It is a bit related to this one. |
|
The same could be asked for the iOS version. Is there some code out of the Downloaded app ? |
|
IMO opinion this Electron-based thing (same goes to browser client) cannot guarantee full privacy/security in case of server-side vulnerabilities. |
|
I don't understand this issue. so if you don't like app.wire.com / the browser version, just use the desktop version. Or did I miss the point anyhwere? About server side vulnerabilities: everything depends on working https. if any server-side private keys are getting compromised, wire as a whole would be insecure. (maybe not the axolotl protected e2ee messages, but integrity of other up/downloads) |
|
HTTPS can only protect against MITM attack. Think of it like GPG-encrypted emails - I take care not about Google's/Yahoo's/etc. server side (and their private keys) if my GPG private key and my GPG binary are secure. With web-based technology I receive this "GPG binary" along with its' logic (in form of JS) every time I start/open client. If server side is compromised (which has to be kept in mind in case if we want real security) this "GPG binary" can be easily compromised too. |
|
@timur-davletshin wire is using the signal protocol (a customized version of the axolotl protocol), so the encrpytion shouldn't be the problem here, the e2ee wouldn't be compromised if server side private keys are stolen. |
|
E2E is when my client encrypts something on my computer with some sort of binary or in our case with JS function and delivers to addressee for decryption (on the other end). Transport security is of little importance. |
|
thats all clear. but transport security is important for client updates and it's integrity. I'm not talking about communication and message encryption in this case. |
|
In case of real desktop clients secure updated are provided via some sort of signed package/binary, in case of web-based — with HTTPS. But the point in having not web-based application is that breaking-in to my computer and to server are two different events. In case of web-based - it is one event since everything is on one physical server. |
|
so you draw a case like: some blackhat hacked the wire server which serves everything from communications to wire client updates. he would be able to change the files getting deployed to all other clients around the globe. the clients trust the server, the server-certificate (tls) and thinks everything is fine, while getting modified client updates. but I got your point. you want a signed wire installation package with all logic implement on your local device, so nothing has to be loaded via (possibly compromised) https - and therefor still working secure.
so if missed that the desktop-version is still loading all logic from web via https like the wire-webapp used to do, I'm sorry - didn't know - then I'd really support this request as written in the opening post. |
|
In case of Electron-based app I'm not entirely sure that it works only with local files. As I said I'm not familiar with details of this technology that is why I'm asking for help/explanations. |
|
without digging in the desktop source code now to find answers to local-or-remote-logic problem: Currently, I'm still assuming all client-logic is placed locally in wire desktop-version. if that's not the case, everything i wrote above makes no sense at all. |
|
@IpsmLorem @timur-davletshin |
IpsmLorem
changed the title
|
@tokariu besides main scenario, quoting you: "some blackhat hacked the wire server", there is another one, when hacker is not someone paid salary in a non-Switzerland country, but is a Switzerland's IC itself approaches Wire to do certain code corrections, to serve only specific users, definitely foreigners to Switzerland. Fear mongering of populace works as a social engineering method even in a Sweet-zer-land. @timur-davletshin Electron-based app doesn't have to do anything with network to function. It is this particular app, wire, that takes all of its code on demand from a server. If you can get over |
|
Unfortunately, #17 was closed by Wire's employees. And, because it was closed, you haven't seen it. I suggest you reopen this issue. |
|
I think, github should have two categories: closed issues, and satisfied issues. Cause, as this issue shows, closed doesn't mean satisfied/fixed. |
Application Code integrity is fundamental when talking about security oriented application.
For now, Wire desktop download the application code like a browser would do.
Since Wire desktop is powered by Electron, there is a way to ensure application integrity by embeding all the code into the local application and rely on Internet network only for message transmission.
PS: Somehow related to wireapp/wire-ios#197
Correct me if I'm wrong ! :p
The text was updated successfully, but these errors were encountered: