Hacker 10 – Security Hacker

Tag: ChatSecure review

  • Encrypted chat for iPhone and iPad with ChatSecure

    Encrypted chat for iPhone and iPad with ChatSecure

    ChatSecure is a free iOS app for end to end encrypted chat with the Off The Record messaging system able to communicate with any chat software based on XMPP, like Google Talk, Jabber, Facebook, Oscar IM and ChatSecure in Android, it will not work with Yahoo Messenger or Skype contacts.

    The app settings are simple but effective, you can change chat font size, set to autodelete chats on disconnect and get a warning before automatic sign out, your friends (Buddy list) chat accounts are accessible with a single tab on the side bar, each account has a logo indicating the messaging system your they are using, when you first establish a connection you will be shown the encryption key fingerprint and ask to verify it, this stops man in the middle attacks where someone injects a fake encryption key in between you and the other end to be able to listen in.

    ChatSecure encrypted iPad chat
    ChatSecure encrypted iPad chat

    With this app there is no central server to store or monitor your data and third party eavesdropping is not possible because ChatSecure encrypts communications but you would still need to make sure that your acquaintance mobile device has not been stolen and he is who he claims to be, you also need to be aware that you are not anonymous in ChatSecure, the app will encrypt messaging but not hide the IP behind them, for anonymity add a VPN provider before starting the chat.

    ChatSecure offers perfect forward secrecy, this means that temporary private encryption keys are generated for each session so if you lose them the keys can not be used to decrypt past chat logs or linked to you.

    Visit ChatSecure iTunes homepage

  • Android phone encrypted IM chat with ChatSecure

    Android phone encrypted IM chat with ChatSecure

    Gibberbot renamed ChatSecure is a secure Instant Messenger app for Android phones, it works with any Jabber or XMPP compatible chat software (Facebook chat, GTalk, Ovi, Openfire, etc) this open source messenger developed by the Guardian Project uses end to end encryption with Off-the-Record messaging (OTR) standard, it will keep your service provider out of the equation making it impossible for an eavesdropper to read the messages.

    Optionally ChatSecure can be used with Orbot (tor on Android app) to chat over the tor network, adding anonymity to an already private chat and circumventing censorship firewalls. Before signing into the chat you will be asked if you would like to save your password, you shouldn’t do this as anyone with access to your phone would be able to impersonate you.

    Android secure IM Gibberbot
    Android secure IM ChatSecure

    Off-the-Record encryption needs both parties to be using it, the people you are chatting with must have ChatSecure installed or be using a desktop computer with an instant messenger that has the plugin installed, Pidgin (Windows&Linux) and Adium (Mac) can all use Off-the-Record (OTR).

    You should swap digital fingerprints first to make sure he/she is the right person behind the keyboard, ChatSecure allows you create a scannable QR (Quick Response) code out of a digital fingerprint making it easy to exchange in person, after verifying fingerprints with your partner the chatbox will be shown green indicating that encryption and identity have all been authenticated, if you can not verify your partner’s identity the chatbox will be coloured orange indicating that encryption is working but identification failed, if encryption doesn’t work because the other end hasn’t got ChatSecure installed the chatbox will be shown in red colour and can still be used.

    Visit ChatSecure Google Play page