Questions raised over Android’s default cipher for secure connections
Cryptography is complex and has its own jargon with words like hashes, keys, ciphers etc. To the uninitiated it can be a complete mystery. Thankfully there are lots of clever people who have a grasp on how encryption works and what it means to us mere mortals. A recent discovery by one such expert has raised some questions about why Android is using weak levels of encryption by default when it tries to initiate a secure, encrypted connection.
Encryption is essential for all online users for simple activities like using your username and password or for more riskier actions like transferring money around using online financial services. Encryption protects our private data so that other, often less scrupulous, people can’t get access to it.
Encryption has been around for a very long time and its use and misuse is the stuff of legends, wars have been won and lost on the strength of the encryption used. Today there are a myriad of different encryption techniques which are based on highly complex mathematical models. Overtime these models are probed and prodded to see if there are any inherent weaknesses. Several key pieces of encryption technology have come under fire in recent years including the Secure Socket Layer (SSL) , Transport Layer Security version 1.0 (TLS v1.0), RC4 and MD5. For those not familiar with these terms, SSL and TLS define ways to create a secure connection between a client (an Android device) and a server, while RC4 and MD5 are an encryption technique and hashing function respectively.
In short SSL, TLS v1.0, RC4 and MD5 are now considered bad. There are plenty of other technologies around that supersede these older systems (RC4 was designed in 1987) and TLS v1.0 has been replaced by TLS v1.1 and v1.2. But here is the problem, according to research performed by Georg Lukas, Android used to prefer one type of encryption (RSA/AES256) by default and then suddenly switched to using another, yes you guessed it RC4 and MD5.
Now come the conspiracy theories. In September 2011 some security researches released a paper describing how encryption like AES (the one used by default in Android before switching to RC4) was vulnerable to a weakness, a weakness which until then had only been seen as theoretical. Their attack was called Browser Exploit Against SSL/TLS or BEAST for short! The recommendation given by everyone including Google, Microsoft and the researchers themselves was to switch to RC4. In this sense Android’s default cipher list matches the recommendation given to mitigate against the BEAST. But, Android changed to RC4 in late 2010 almost a full year for the BEAST vulnerability was described! Cue the accusations of NSA interference. According to Lukas the reason given for the change was so that the default cipher list was the same as the list defined by the various Java specifications.
The current recommendations by security experts is to revert to using ciphers like AES but in conjunction with TLS v1.1 or v1.2 which fixes the problems exposed by the BEAST or move to newer ciphers like AES-GCM.
The good news is that Android app developers can define their own default list of ciphers to override the predefined ones in Android. Lukas also notes in his research that the default Android browser (from Android 4.2.2. on wards) and the Android versions of Chrome and Firefox don’t use the default cipher list but rather prefer using AES in conjunction with some clever stuff based on Elliptic Curves as defined by Diffie and Hellman. Try saying that first thing in the morning!
What do you think? Coincidence or NSA?