Warning – Encrypted Messenger IronChat Compromised

Posted on the 12 November 2018 by Darkwebnews @darkwebnews

A statement from police in the Netherlands that was released on Tuesday confirmed that they had managed to decrypt over a quarter of a million messages believed to have been sent by criminals using the encrypted messenger IronChat.

IronChat is an encrypted messenger unlike similar apps, such as Signal and WhatsApp.

Though the app uses end-to-end encryption technology, it can only be used on specific encrypted messaging devices that cost thousands of dollars a piece.

Naturally, IronChat's purportedly strong encryption protocols attracted criminal actors who relied on it to communicate safely away from the eyes of the law.

Dutch police became involved during the course of an investigation into a suspected money laundering ring.

In an official statement, the law enforcers said that they managed to intercept and decrypt the encrypted communications of over 100 criminals, gaining access to an estimated 258,000 messages sent using the encrypted messenger.

A quote on the site that has been distributing both IronChat Messenger and the IronPhone devices, blackbox-security.com, placed National Security Agency whistleblower Edward Snowden as an endorser of the failed encrypted app, but following these latest developments, Snowden's representative from the American Civil Liberties Union denied that he had any affiliations with it.

Ben Wizner, director of ACLU's Speech, Privacy and Technology Project, sent out a media statement relaying that Snowden had never even heard of the app before, let alone promote it.

Intercepted and Decrypted

A tip about a man selling crypto phones to criminals in the eastern Netherlands municipality of Lingewaard ignited the operation that has since granted the Dutch police access to 258,000 messages sent between alleged criminals.

So far, the information within these texts have enabled the police to bust a 52-year-old man and his 46-year-old partner on charges of money laundering and participating in organized crime.

A number of the arrests have already been made in relation to the decrypted messages, one of them involving a drug lab in Enschede where large caches of MDMA, cocaine and automatic weapons, as well as a cash sum of 90,000 euros, were confiscated

This is not the first time the Dutch police have compromised an encrypted network used by criminals. In 2016, Canadian and Dutch law enforcers arrested a man selling PGP smartphones and seized the entire network, which they believe was being used extensively by criminals.

Notably, the police did not mention how their investigators managed to decrypt the end-to-end-encrypted messages intercepted from IronChat.

Even though they managed to seize the encrypted message server and take it offline, this should not have given them the ability to read messages that had been encrypted using end-to-end encryption.

Truly end-to-end encryption utilizes public and private keys. In the Signal app, for example, encrypted messages can only be decrypted using the recipient's private key, which is only stored in their devices.

Even if law enforcement seized Signal's servers, there would be no way they could access the contents of the messages without the appropriate decryption keys.

The only viable workaround to a robust end-to-end encryption protocol would require a massive update of the encrypted messenger and the cooperation of all the users of the platform as they would be required to download it first for law enforcement to gain access to message content.

Even then, law enforcement would only be able to read messages sent and received after the installation of the tweaked update.

Errors in IronChat's Encryption

Frank Groenewegen, a researcher at Dutch security firm Fox-IT, speculates that an error in the encryption system of the IronChat messenger could have been the weak link that was exploited by the Dutch police.

His sentiments were reiterated by Dutch public broadcaster NOS, which published an article that revealed a series of critical weaknesses in the IronChat app.

A previous update had changed warning messages about changed encryption keys into small, easy to overlook messages that probably went ignored by the app's users. Crypto keys can change because of various reasons.

Usually, a change in the contact's phone number spurs a change in the encryption key, but so does the introduction of a third party who is trying to intercept messages sent between the first and second party.

NOS reporter Joost Schellevis revealed that the police said the IronChat message exchange server had been hacked-an act that would have been detected by an app with a stronger security framework.

In addition, not even the "delete all messages" button was useful in this odd scenario, according to a tweet by privacy researcher Floor Terra.

Disclaimer: