Questions raised over Android’s default cipher for secure connections

October 17, 2013

Cryptography is complex and has its own jargon, with words like hashes, keys and ciphers. To the uninitiated it can be a complete mystery. Thankfully there are lots of clever people who have a grasp on how encryption works and what it means to us mere mortals. A recent discovery by one such expert has raised some questions about why Android is using weak levels of encryption by default when it tries to initiate a secure, encrypted connection.

Encryption is essential for all online users, whether for simple activities like using your username and password or for riskier actions like transferring money around using online financial services. Encryption protects our private data so that other, often less scrupulous, people can’t get access to it.

Encryption has been around for a very long time and its use and misuse is the stuff of legends; wars have been won and lost on the strength of the encryption used. Today there are a myriad of different encryption techniques which are based on highly complex mathematical models. Over time these models are probed and prodded to see if there are any inherent weaknesses. Several key pieces of encryption technology have come under fire in recent years, including the Secure Socket Layer (SSL), Transport Layer Security version 1.0 (TLS v1.0), RC4 and MD5. For those not familiar with these terms, SSL and TLS define ways to create a secure connection between a client (an Android device) and a server, while RC4 and MD5 are an encryption technique and a hashing function respectively.

In short, SSL, TLS v1.0, RC4 and MD5 are now considered bad. There are plenty of other technologies around that supersede these older systems (RC4 was designed in 1987), and TLS v1.0 has been replaced by TLS v1.1 and v1.2. But here is the problem: according to research performed by Georg Lukas, Android used to prefer one type of encryption (RSA/AES256) by default and then suddenly switched to using another. Yes, you guessed it: RC4 and MD5.

Now come the conspiracy theories. In September 2011 some security researchers released a paper describing how encryption like AES (the one used by default in Android before switching to RC4) was vulnerable to a weakness which until then had only been seen as theoretical. Their attack was called Browser Exploit Against SSL/TLS, or BEAST for short! The recommendation given by everyone, including Google, Microsoft and the researchers themselves, was to switch to RC4. In this sense Android’s default cipher list matches the recommendation given to mitigate against the BEAST. But Android changed to RC4 in late 2010, almost a full year before the BEAST vulnerability was described! Cue the accusations of NSA interference. According to Lukas, the reason given for the change was so that the default cipher list was the same as the list defined by the various Java specifications.

The current recommendation by security experts is to revert to using ciphers like AES, but in conjunction with TLS v1.1 or v1.2, which fixes the problems exposed by the BEAST, or to move to newer ciphers like AES-GCM.

The good news is that Android app developers can define their own default list of ciphers to override the predefined ones in Android. Lukas also notes in his research that the default Android browser (from Android 4.2.2 onwards) and the Android versions of Chrome and Firefox don’t use the default cipher list but rather prefer using AES in conjunction with some clever stuff based on Elliptic Curves as defined by Diffie and Hellman. Try saying that first thing in the morning!
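One way an app could override the default list, shown as an added example (not code from this article or from Lukas’s research): a wrapper around an existing `SSLSocketFactory` that removes RC4 and MD5 suites and moves ECDHE and AES-GCM suites to the front of the client’s offer. The names `HardenedSocketFactory`, `rank` and `harden` are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example: wraps any SSLSocketFactory so its sockets never offer RC4 or MD5 suites.
public class HardenedSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    public HardenedSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // Lower rank = offered earlier in the ClientHello; -1 = never offered.
    static int rank(String suite) {
        if (suite.contains("RC4") || suite.contains("MD5")) return -1;
        return (suite.contains("ECDHE") ? 0 : 2) + (suite.contains("GCM") ? 0 : 1);
    }

    // Filters and reorders a suite list; the original order is kept inside each rank.
    static String[] harden(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (int r = 0; r <= 3; r++)
            for (String s : suites)
                if (rank(s) == r) kept.add(s);
        return kept.toArray(new String[0]);
    }

    private Socket configure(Socket s) {
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            // Start from the enabled list, not the supported one, so NULL/anon suites stay off.
            ssl.setEnabledCipherSuites(harden(ssl.getEnabledCipherSuites()));
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return harden(delegate.getDefaultCipherSuites()); }
    @Override public String[] getSupportedCipherSuites() { return harden(delegate.getSupportedCipherSuites()); }
    @Override public Socket createSocket() throws IOException { return configure(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return configure(delegate.createSocket(s, h, p, close)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return configure(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return configure(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return configure(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return configure(delegate.createSocket(h, p, l, lp)); }
}
```

An app would install it with, for instance, `HttpsURLConnection.setDefaultSSLSocketFactory(new HardenedSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault()))`. The list only expresses the client’s preference; the server still makes the final choice among the suites offered.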

What do you think? Coincidence or NSA?


  • john the fisherman

    inb4 conspiracy theories

  • Balraj

    Beast !!!
    Security is always a prob..but it will keep on evolving
    So let’s forget about it and move on

  • mark

    Google is our biggest privacy threat….. beyond nsa…. unless we outsmart google and their devices

  • eric Soulliage

    and this is not even new, echelon that was deployed in the ’60 intercepted and analysed high 90% of ALL WORLDWIDE electronic communications, then we had the clipper chip, Carnivore, Carnivore 2, and we are now finding that most cryptographic algorithms have been knowingly and purposefully weakened and or backdoor-ed by US intelligence. last year we have learned that the NSA was building the largest intercept and analyse center in the world capable of decrypting tens of Petabytes worth of traffic per year, how do you decipher this much data? brute forcing (trying all combinations for keys) is not an option here, since it would require too much time and or energy (a secret is really worth something if you get to decipher it in the useful lifetime of the secret, and decrypting this amount of data would require more computing power than is present on the planet as we know), so the only real alternative is going AROUND the lock (a little bit like locking your armored door, but leaving the window opened), this is either done by weakening the algorithms (like it was done with DES, where the cipher key instead of being re-randomized was being reused / derived from the original key, making successive keys computable) or by using something even more out of this world:

    QUANTUM COMPUTERS, a Canadian company D-Wave, has been publicly selling one for a few years now, Google is publicly testing one, what do you think our secretive intelligence organisations are running away from curious eyes? this is like an ant colony trying to fight a modern aircraft carrier battle group, you see a huge shadow coming up on your world and think it is the sun setting for the night, when it really is just the shadow projected by the sole of the government shoe

  • Caitlin Roberts

    Google and Bing work for the NSA, don’t trust any Google or Microsoft product.