Share This Page

CMU researchers tout snoop-proof smartphone app SafeSlinger

| Monday, Oct. 7, 2013, 11:41 p.m.

Carnegie Mellon University software researchers say they have written a smartphone messaging app with security that not even the National Security Agency can break, yet is easy to use.

“Even the NSA cannot break this, we believe. This is a lot safer than any security system out there,” said Adrian Perrig, a former technical director of Carnegie Mellon's CyLab and a professor at ETH (Eidgenössische Technische Hochschule) in Zurich, who oversaw the project.

The app — called SafeSlinger — is available free on the iTunes App Store for Apple and Google Play Store for Android smartphones. Within a few months, the developers plan to have a similar security app available for email, using Google's Gmail, Perrig said.

With government snooping on personal data in the name of preventing terrorist attacks and the NSA obtaining personal data from Google, Microsoft, Apple and other technology companies, consumer outrage has increased without a way to fight back.

“That's precisely what SafeSlinger will do,” Perrig said — provide an easy way to securely exchange messages for free without the need to trust an external party.

Michael W. Farb, a research programmer at Carnegie Mellon CyLab, said, “The most important feature is that SafeSlinger provides secure messaging and file transfer without trusting the phone company or any device other than my own smartphone.” Farb worked on the Android version of SafeSlinger.

The software was introduced at last week's MobiCom 2013 Conference for Mobile Computing and Networking in Miami after six years of development, funded with $500,000 in research money from the National Science Foundation and Cylab, Perrig said.

“With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other personal information that is exchanged,” Perrig said.

Other applications such as the popular PGP (Pretty Good Privacy) are available but difficult to use securely. Blackberry was popular among business and other users who needed its security protections, but its data was observed by the government, Perrig said.

A three-minute video is available on YouTube that explains how SafeSlinger works.

The setup between users takes several minutes, when they exchange contact information and answer security questions generated by the app that help it generate encryption and authorization credentials. Then it works like a regular messaging app.

The app developers spent two years debugging the program, and it's been subjected to three security reviews. In addition, they are publishing the source code for SafeSlinger so it can be reviewed and improved by others.

John D. Oravecz is a staff writer for Trib Total Media. He can be reached at 412-320-7882 or joravecz@tribweb.com.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.