Popular crypto app uses single-byte XOR and nowt else, hacker says
First 1024 bits are scrambled. But after the credits, your sex tape is open to all
A programmer claims the makers of a popular encryption app have failed to implement its core feature: encryption.
The hacker, using the alias NinjaDoge24, analyzed the NQ Vault app, which supposedly encrypts files on smartphones and other gadgets. Ninja claims the software used only XOR (exclusive or) and a single-byte key to scramble the first 128 bytes of a .PNG test subject.
It is trivial to decrypt data run through XOR with an 8-bit key. The app appears to generate this key from a passcode typed in by the user.
NQ Vault has been downloaded more than 10 million times on the Google Play store alone and is also available on iOS.
The company behind the app stands by its product, calling its security "appropriate," and claiming that messages, chats, call logs and contact information is encrypted using AES with a 128-bit key – but that list doesn't include pics and vids.
"Image and video files are stored in a format not readily readable by other applications and can only be viewed in Vault after entering the correct password on the device," the company said in a statement.
"These standards are appropriate for the consumer use cases this application is meant for."
The NinjaDoge24's findings have led to critical reviews of the app on the Google Play store.
XOR is a bitwise operation common in crypto algorithms, but it offers little when it is used in isolation and certainly when used with a fixed single-byte key.
The programmer tested an image using NQ Vault finding it only encrypted part of his image file, and quickly wrote a "dumb" tool capable of brute force decrypting files encrypted through the app.
"Looks like a substitution cipher. What if it's just XOR? Like just f**kin' XOR?" NinjaDoge24 wrote. "Everything after the first 128 bytes remains untouched ... Best encryption method ever."
Independent security bod Wade Alcorn (@WadeAlcorn) says the findings render the app insecure. "The research suggests that the NQ’s Vault software attempts to only encrypt the first 128 bytes leaving the remainder of the file in the clear. If this is the case it should not be considered a mechanism to protect data," Alcorn said.
"Encryption is hard, very hard! … This goes to re-emphasise one of the golden rules of secure development: do not create your own cryptographic functions."
Sophos technical chief Paul Ducklin (@duckblog) says security apps should state the encryption algorithms they use on the tin. "Any app that claims to encrypt your data ought to state openly what encryption algorithm it uses, because there's simply no reason not to," Ducklin said.
"If it's not easy to find out, choose another app. If a cryptographic product relies on the encryption 'algorithm' being kept secret, then you should assume that it is insecure and avoid it."
Google has been contacted for comment regarding the app's claims. ®