CMU researchers tout snoop-proof smartphone app SafeSlinger
Carnegie Mellon University software researchers say they have written a smartphone messaging app with security that not even the National Security Agency can break, yet is easy to use.
“Even the NSA cannot break this, we believe. This is a lot safer than any security system out there,” said Adrian Perrig, a former technical director of Carnegie Mellon’s CyLab and a professor at ETH (Eidgenössische Technische Hochschule) in Zurich, who oversaw the project.
The app — called SafeSlinger — is available free on the iTunes App Store for Apple and Google Play Store for Android smartphones. Within a few months, the developers plan to have a similar security app available for email, using Google’s Gmail, Perrig said.
With government snooping on personal data in the name of preventing terrorist attacks and the NSA obtaining personal data from Google, Microsoft, Apple and other technology companies, consumer outrage has increased without a way to fight back.
“That’s precisely what SafeSlinger will do,” Perrig said — provide an easy way to securely exchange messages for free without the need to trust an external party.
Michael W. Farb, a research programmer at Carnegie Mellon CyLab, said, “The most important feature is that SafeSlinger provides secure messaging and file transfer without trusting the phone company or any device other than my own smartphone.” Farb worked on the Android version of SafeSlinger.
The software was introduced at last week’s MobiCom 2013 Conference for Mobile Computing and Networking in Miami after six years of development, funded with $500,000 in research money from the National Science Foundation and Cylab, Perrig said.
“With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other personal information that is exchanged,” Perrig said.
Other applications such as the popular PGP (Pretty Good Privacy) are available but difficult to use securely. Blackberry was popular among business and other users who needed its security protections, but its data was observed by the government, Perrig said.
A three-minute video is available on YouTube that explains how SafeSlinger works.
The setup between users takes several minutes, when they exchange contact information and answer security questions generated by the app that help it generate encryption and authorization credentials. Then it works like a regular messaging app.
The app developers spent two years debugging the program, and it’s been subjected to three security reviews. In addition, they are publishing the source code for SafeSlinger so it can be reviewed and improved by others.
John D. Oravecz is a staff writer for Trib Total Media. He can be reached at 412-320-7882 or [email protected].