Threat Actor | Description |
---|---|
Governments | Governments around the world are seeking to be able to bypass encryption, and, in general, obtain as much data as possible on citizens' technology usage. |
Organised crime | |
App creators | The creators of secure messaging apps |
Hacktivists | Hacktivists target companies and individuals based on their different political opinions |
Family and friends | Not often considered a threat actor, although you might want to hide information from a close friend or family member |
Run of the mill hackers | |
Mobile device manufacturers | Apple, Samsung, Huawei, etc., all of which need to deliver a secure device |
Operating system providers | These are almost exclusively Apple and Google, both of which need to deliver a secure operating system |
Infrastructure providers | Infrastructure providers include ISPs, data centre providers, third-party service providers (e.g., for message notifications) that may be able to read or interfere with sent/received messages |

Component | Description |
---|---|
App | The app itself |
Web interface | A few apps offer a web interface through which secure messages can also be sent |
Desktop application | A few apps offer a desktop interface through which secure messages can also be sent |
Operating system | Typically either iOS or Android for phones |
Directory service | Each app runs a service to match contacts with each other; this can be by matching cell phone numbers or email addresses, or by manually adding contacts |
Notification service | Apple and Google run notification services for their respective operating systems; one or the other is used to send notifications to phones when new messages arrive, depending on the operating system |

Component | Threat Type | Threat | Threat Actor | Explanation | Notes | Which App to Use |
---|---|---|---|---|---|---|
Messaging service | Identifiability | Identifying whether someone uses a secure messaging app | All | It's possible to see if someone is using a particular app by trying to sign up with their email address | You'd need to know their email address or possibly even spoof their SIM card | Wire, Threema, Wickr |
Messaging service | Non-Repudiation | Someone claims not to have sent a message | All | | | |
Messaging service | Information disclosure | Disclosure of information | All | The main point of secure messaging: someone getting access to your messages | | Signal, Wire, Threema |
Messaging service | Unawareness | Unawareness of what a company / government may do with your information | All | | | Signal, Wire, Threema |
Messaging service | Compliance | | All | | | |
Notification service | Identifiability | Disclosure of whether someone is actively sending messages | Governments, App creators | | | Signal, Wire, Threema |
Notification service | Information disclosure | Disclosure of sender, recipient, and unique device ID | Governments, App creators | Apple or Google has access to the sender, recipient, and unique device ID for each message sent | | Signal, Wire, Threema |
Notification service | Unawareness | Unawareness of what Google and Apple may do with the information | Governments, App creators | Signal, Wire, and Threema can be used on Android without Google Cloud Messaging | | Signal, Wire, Threema |

Scenario | Threat Type | Threat | Threat Actor | Mitigation |
---|---|---|---|---|
Journalist initially contacted anonymously by a source | Linkability | Multiple stories given by the same source could be linked together by the ISP intercepting the information | Governments | |
Journalist initially contacted anonymously by a source | Linkability | Multiple stories given by the same source could be linked together by the computer being compromised | | |
Journalist initially contacted anonymously by a source | Linkability | Multiple stories given by the same source could be linked together by the computer being seized | | |
Journalist initially contacted anonymously by a source | Identifiability | Linking enough information together to uncover a person's identity | Governments | |
Journalist initially contacted anonymously by a source | Non-Repudiation | The source claiming he didn't send the information | Governments | |
Journalist initially contacted anonymously by a source | Detectability | Identifying whether someone has submitted information to a journalist | Governments | |
Journalist initially contacted anonymously by a source | Disclosure of Information | Both the source's name and information are uncovered by getting a warrant for the newspaper's servers | Governments | |
Journalist initially contacted anonymously by a source | Disclosure of Information | Both the source's name and information are uncovered by bribing an insider | | |
Journalist initially contacted anonymously by a source | Unawareness | Unawareness of what the information may be used for in the future | Governments | |