CyanogenMod announces secure phone locating, remote wiping service
The CyanogenMod team has announced a new service that allows users to locate their lost phones or securely wipe their device (including the contents of the SD card) in case it gets stolen.
The service will be accessible via the (optional) CyanogenMod Account and, according to the project’s head moderator, is better than other similar solutions.
“This kind of service is something that should be a part of any mobile OS experience, and we are proud to bring this functionality to our users,” he wrote in the blog post announcing the feature. “There are existing solutions on the market to allow Find/Wipe functionality, but we feel they are inherently insecure, enabling company employees or malevolent attackers to access your location data, or other information, without your permission.”
As Koushik Dutta, a developer on CyanogenMod, helpfully and simply explained:
The server never has your password. Your authentication is a derived password.
A public key is generated in the browser, and hmac’d with the actual password (unavailable to the server).
On a device find request, the Android device receives this public key, and validates it is authentic, as the Android device also has the same, underived/original, password.
The Android device sends back an encrypted symmetric key using the public key.
The server can not decrypt the symmetric key, as it does not have the private key.
The browser receives the encrypted payload, and decrypts the symmetric key.
The browser and phone at this point have a secure communication channel, and both sides have authenticated each other. The server is not capable of listening in. It merely provides a transport.
The browser then requests the device location (or requests a wipe) through this secure channel.
“This is how device finding should be done. You can not trust that a service will never be compromised. You can never trust that a service will not be subject to the will of a government request,” he added.
But don’t take his word for it – the code for the feature is available on GitHub, and the developers are urging anybody and everybody to review it for flaws and test it.
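The exchange Dutta describes, as an added Node.js sketch rather than CyanogenMod's own code: the algorithm choices (RSA-OAEP, HMAC-SHA256, AES-256-GCM), function names and message fields are assumptions, since the article names none. It also covers the case where the relaying server substitutes its own public key and the device rejects it.

```javascript
// Added sketch; RSA-OAEP, HMAC-SHA256 and AES-256-GCM are assumed choices, not the project's.
const crypto = require('node:crypto');

// Browser: fresh key pair, public key tagged with the real password (never sent to the server).
function browserCreateRequest(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  const tag = crypto.createHmac('sha256', password).update(pubDer).digest();
  return { privateKey, request: { pubDer, tag } }; // only `request` leaves the browser
}

// Device: recompute the tag with its own copy of the password, then wrap a session key.
function deviceHandleRequest(password, request) {
  const expected = crypto.createHmac('sha256', password).update(request.pubDer).digest();
  if (request.tag.length !== expected.length || !crypto.timingSafeEqual(request.tag, expected)) {
    return null; // public key was not tagged by someone who knows the password
  }
  const sessionKey = crypto.randomBytes(32);
  const publicKey = crypto.createPublicKey({ key: request.pubDer, format: 'der', type: 'spki' });
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, sessionKey);
  return { sessionKey, reply: { wrappedKey } }; // only `reply` goes back through the server
}

// Browser: only the holder of the private key can recover the session key.
function browserUnwrap(privateKey, reply) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, reply.wrappedKey);
}

// Authenticated encryption for the locate/wipe commands sent over the channel.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Relay server substituting its own key: without the password it cannot produce a matching tag.
function serverSwapKey(request) {
  const { publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { pubDer: publicKey.export({ type: 'spki', format: 'der' }), tag: request.tag };
}
```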
“The CM account is optional and free. The service is secure and managed by us. The website client side encryption code is not obfuscated. The application is open sourced and Apache licensed,” reassures the moderator. “We have no interest in selling your data. We cannot track you or wipe your device. We designed the protocol in such a way that makes it impossible for anyone but you to do that.”
He also announced that well-known whitehat hacker and security researcher Moxie Marlinspike is working on a new secure SMS feature for CyanogenMod, and that it will be offered via the CyanogenMod Account.