briar issues
https://code.briarproject.org/briar/briar/-/issues
Updated: 2017-06-09T19:25:50Z

#932 Panic button sign out response doesn't terminate process
https://code.briarproject.org/briar/briar/-/issues/932
Updated: 2017-06-09T19:25:50Z | Author: akwizgran

When Briar signs out in response to a panic button intent, relaunching the app brings up the contact list rather than the password screen, with the progress wheel spinning indefinitely.

This happens because the panic button response shuts down BriarService but doesn't terminate the process.

Milestone: G | Assignee: akwizgran

#914 Simplify SecureRandom implementation
https://code.briarproject.org/briar/briar/-/issues/914
Updated: 2017-06-09T19:25:51Z | Author: akwizgran

Our current SecureRandom implementation involves XORing a Fortuna-based PRNG with the system's default SecureRandom implementation. This is meant to help protect against any weaknesses in the system's PRNG, such as the Android SecureRandom bug (CVE-2013-7372, https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html). However, the construct is quite complex and not properly documented. We should simplify it and document it.

Milestone: G

#913 Password strength estimator produces poor results
https://code.briarproject.org/briar/briar/-/issues/913
Updated: 2018-05-22T14:34:15Z | Author: akwizgran

The estimates produced by the password strength estimator don't correspond to people's expectations.

The estimate is based on a combination of the number of unique characters and the classes those characters are drawn from (lowercase, uppercase, digits and other). We should consider either using a simpler formula - for example, just the length of the password - or a proven formula such as zxcvbn (https://github.com/dropbox/zxcvbn).

This was also reported by a user in a recent test.

Milestone: G | Assignee: akwizgran

#912 StreamEncrypterImpl should reject invalid padding length
https://code.briarproject.org/briar/briar/-/issues/912
Updated: 2017-06-09T19:25:52Z | Author: akwizgran

Passing a negative paddingLength to StreamEncrypterImpl#writeFrame() causes an infinite loop. The arguments should be more strictly validated.

Milestone: G | Assignee: akwizgran

#911 HTML in blog posts should be sanitised
https://code.briarproject.org/briar/briar/-/issues/911
Updated: 2017-06-09T19:25:52Z | Author: akwizgran

Links in manually created blog posts can specify any protocol. This can be used to specify the `intent://` protocol handler, which makes creation of intents possible. This can be used to crash the app when the user clicks on a link. Other malicious actions might be possible.

All HTML should be passed through the HTML sanitiser before being rendered, and we should ensure that the sanitiser removes URLs with unknown protocols.

Milestone: G | Assignee: Torsten Grote

#910 Possible intent hijacking via PendingIntent
https://code.briarproject.org/briar/briar/-/issues/910
Updated: 2017-12-18T07:40:20Z | Author: akwizgran

AndroidNotificationManagerImpl creates PendingIntents without setting an explicit class or component to receive the intent. This could allow a malicious app to redirect the intent to perform an action with the permissions of the Briar app.

https://developer.android.com/reference/android/app/PendingIntent.html#getBroadcast(android.content.Context,%20int,%20android.content.Intent,%20int)
https://www.securecoding.cert.org/confluence/display/android/DRD21-J.+Always+pass+explicit+intents+to+a+PendingIntent

Milestone: G | Assignee: Torsten Grote

#909 User disruption via exposed activities
https://code.briarproject.org/briar/briar/-/issues/909
Updated: 2017-12-18T07:40:22Z | Author: akwizgran

A malicious app running in the background could continuously send crafted intents to annoy the user until she decides to uninstall Briar.

This issue can be confirmed by running the following ADB commands:

```
adb shell am start -a "android.intent.action.MANAGE_NETWORK_USAGE" -n "org.briarproject.briar/org.briarproject.briar.android.settings.SettingsActivity"
adb shell am start -a "info.guardianproject.panic.action.CONNECT" -n "org.briarproject.briar/org.briarproject.briar.android.panic.PanicPreferencesActivity"
adb shell am start -a "android.intent.action.MAIN" -n "org.briarproject.briar/org.briarproject.briar.android.splash.SplashScreenActivity"
```

This sequence displays the Briar settings, then the panic settings, then the splash screen, logging the user out.

These intents are all useful, but we should consider how to handle them in such a way that the potential disruption is minimised. The MANAGE_NETWORK_USAGE intent could be removed if necessary.

Milestone: G | Assignee: akwizgran

#908 RSS import leaks DNS lookups
https://code.briarproject.org/briar/briar/-/issues/908
Updated: 2017-12-18T07:40:22Z | Author: akwizgran

The RSS importer performs a DNS lookup for the RSS server before connecting to the server via Tor. This leaks the identity of the server to the local network and the internet.

Milestone: G | Assignee: akwizgran

#907 Panic button sign out action doesn't require authenticated intent
https://code.briarproject.org/briar/briar/-/issues/907
Updated: 2017-12-18T07:40:22Z | Author: akwizgran

Any app can cause Briar to sign out by sending a panic button intent. This makes panic button setup easier for the common case, but it would also allow a malicious app to make Briar unusable.

All panic button actions should require the user to nominate a panic button app, and should use TrustedIntents to ensure that panic button intents come from the nominated app.

Milestone: G | Assignee: Torsten Grote

#906 Tapjacking vulnerability
https://code.briarproject.org/briar/briar/-/issues/906
Updated: 2017-12-18T07:40:22Z | Author: akwizgran

Briar is vulnerable to tapjacking attacks, where the user interacts with Briar while she believes she's interacting with another app. This can be used to delete the user's account, for example.

Proof-of-concept:
https://cure53.de/exchange/792346243678/Tapjacking_PoC2.zip

Milestone: G | Assignee: Julian Dehm

#905 Move Testing constants into Gradle
https://code.briarproject.org/briar/briar/-/issues/905
Updated: 2017-12-18T07:40:22Z | Author: Ernir Erlingsson

One could argue that having to remember to set the `TESTING` flag to false before releasing versions for production is a security flaw in itself.

There's a better way: we should use Gradle to set the flag depending on whether we're building a debug or release version.

Milestone: G | Assignee: Julian Dehm