SAFE Network resistance to Pegasus spyware

I would like to ask if the SAFE Network will be able to protect users against software such as Pegasus by NGO Group https://www.medianama.com/2019/10/223-nso-pegasus-spyware/

NSO products are used exclusively by government intelligence and law enforcement agencies but recently, there has been a lot of information about the use of this software for the surveillance of journalists and human rights organizations.

Software uses vulnerabilities in applications, installs and runs imperceptibly. Is it worth looking at how it could take over data or passwords in the SAFE Network and include it in the network design?

1 Like

My guess is that endpoints will always be vulnerable to this sort of attack and there’s not much that the network could do to stop it if the user is running vulnerable software on the same device they are using for SAFE. Then again, I don’t know if Pegasus is especially configured to intercept traffic over WhatsApp, Telegram etc or whether it basically just hoovers up everything. If the former it’s unlikely to target SAFE apps, at least in the early days.

I suspect it will be down to good practice to minimise these sorts of risks though. Someone who suspects they are at a high risk can always login to the network from a clean device.

4 Likes

FT informs - “The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch.”

The question arises, is Pegasus able to take over the SAFE Net user password at the time of its creation and how to prevent it?

1 Like

I’m not an expert but the endpoint is always going to be a weak link. Maybe SAFE could introduce multifactor authentication at a later stage to make login more secure, but if malware can see and log what’s on your screen that’s another matter. Again, I don’t know about Pegasus in particular but nothing is ever 100% secure and reducing risk is not 100% a technical problem.

3 Likes

The problem is very important because SAFE will not make sense if such spyware will have a screen preview at registration.

If your login and password are taken over, it will not only be possible to steal your data, but users will publicly say that SAFE is not secure because they will think, that the SafeNet does not protect their identity and data!

I think the password isn’t the most problematic thing here (it’s not needed for SN to function), but the account key is, because it needs to be accessible through out the whole lifetime of the SN (= the whole time the SN is running on your computer and you’re logged into it). The key gets generated from the password when you’re logging into your SN account and is the actual thing your SN client is using to authenticate itself when doing PUTs, etc. so stealing the key would give you full access to the account, multifactor auth at login would do nothing to increase the security.

An afterthought: we could separate the account signing key from the key needed to encrypt/decrypt the “root” account file (those are already separated… technically…) and then drop the second key from memory, but that would require the user to login each time they want to see or edit their account data. We would still need to keep some account data in memory. And it would be just a mild increase (if any) in security, for the reason that an already installed spyware could get access to the “root” key and thus to the whole account each time the user is logging into his account.


How is the SN in any way different from any other software? And why would this matter so much more for the SN than for other software?

2 Likes

“As the Safe Network does not protect from all the dangers better to continue with the current internet that concentrates all the power in a few companies that spy on us, sells our life for a few cents and are easily hacked daily…”

Sorry, I don’t buy such arguments.

2 Likes

I am not sure if I have been understood well. The problem is not every time logging in, but the first registration. If spyware controls your smartphone, regardless of whether it is a login and password or a key, or whatever sets our ID and decides about setting up an account in SAFE Net, it will be taken over by a program such as Pegasus.

SAFE Net is created as a new Internet and any other software is only any other software.
Because SAFE Net is called a secure network and is created to provide complete security.

I think that because @dirvine and his team have been working hard on this project for 13 years, it is our duty to help solve the problem that is noticed, not to shrug and say that SAFE Net will not solve all problems.

It’s not about buying arguments, it’s just about noticing the problem.
Do you have a proposition on how to solve it?

Nothing in the world is going to save your data if you have spyware on your own computer. Just like nothing is going to save your data if bad people start hitting you over the head with a wrench. It’s not a bug or a feature of the Safe network. It’s just how things work.

6 Likes

It’s an endpoint security problem not a network problem - which is not to say it’s not an issue, just that it’s beyond the scope of this or any other secure networking project to solve. All we can really do is adopt the best secure authentication techniques that are out there as they arise and educate people to the risks.

6 Likes

The easiest is not to click on a malicious link that could infect your smartphone.

But if you want (almost) complete security, use a device exclusively for the Safe network. Something like Librem 5 better than a standard device.

Or access the network only in desktop computer in Live OS.

5 Likes

Why? When registering you create an encrypted file and store that file on the SN, that file contains all the info needed to do anything with that account. Logging in just downloads that file, decrypts it and makes it changeable. I do not see a difference here, if intercepted by someone, that someone gets full access to the account, in both cases.


You need to do all the encryption shit somewhere, thus somewhere gets to also see the unencrypted stuff.

Can you explain, how what you want done could be achieved?
As others have stated in different words,
I think you are asking for the impossible.

2 Likes