This Is Why You Shouldn’t Trust Flashy Crypto Apps
Originally posted on March 8, 2017
If you’re interested in creative code, the crypto world can be a real buzzkill.
Figured out a new way to exchange keys? Sorry, you’re better off using this protocol from the 70s. At least we know it works! Got a cool idea for a random number generator? Doesn’t matter; you’re not supposed to roll your own. Every new idea is a new chance to screw things up, and nobody will ever trust that you’ve gotten it right. Even if you do everything perfectly, someone will still accuse you of working for the CIA.
After enough times through the ringer, it’s easy to roll your eyes at the whole thing. There are so many hoops to jump through, from auditing to bug disclosure. Even if you get the crypto world on your side the way Signal has, there are countless design choices and compromises that will get you in trouble. Nobody gets away entirely clean. So what does it matter if you skip a few code audits?
But it does matter, because if you ignore it entirely, something like this will happen.
Confide has been offering self-destructing message for years, gaining credence recently amid rumors that White House staffers are using it to gossip about Trump. But the app has never been embraced by crypto experts, for the simple reason that it’s never invited third-party experts to audit its code. Now, the security firm IOActive has dug into the code, and according to a Cyberscoop report, the result is several critical vulnerabilities, which have been sitting undiscovered for the past three years.
Even given that news, it can be hard to appreciate how bad this is. Bugs happen all the time, and the bug itself usually isn’t as important as how quickly it’s found and fixed. But three years is a long time, and finding this many bugs this quickly suggests the lack of an audit was covering up some serious errors. If anyone had wanted to target a particular Confide user — like, say, an FBI leak investigation — those errors could have serious consequences.
The lesson is simple enough: audits matter. And the next time you see crypto folks tearing their hair out over an unaudited messaging app, take heed.
