Whiteout Mail 1.0 and Security Audit by Cure53

As we started closing in on version 1.0, there was one more item on the roadmap: A security audit by a reputable source. A trusted partner since we started Whiteout Networks, Cure53 from Berlin was the obvious choice.

Cure53 has profound knowledge of web security, giving both high-level conceptual advice, as well as well-crafted proof-of-concept-attacks. This has helped to uncover and fix issues that would have never surfaced otherwise.

We’d like to thank them for the fruitful collaboration and their uncompromising stance on security! It was fun to track down the issues and fix them, and we’re proud to say that this ongoing process has helped Whiteout Mail become better in many ways.

Usability is very dear to us, as good usability directly translates into security. During the audit, Whiteout Mail was not only subjected to attacks, but also inspected for ambiguous messaging for the less tech-savvy user of email encryption.

All of the the high-severity vulnerabilities have been discussed and fixed/mitigated, as well as many of the medium to low severity vulnerabilities. We will continue working on the open issues in the coming weeks.

Here is an excerpt from the report’s conclusion:

Cure53 has followed the Whiteout team over the years, providing thorough security advice and in-depth audit. Keep in mind that the first tests and discussion started in late 2013 and continued fruitfully until this day. Cure53 is therefore in a position to have watched the software grow into the current shape of the long-anticipated version 1.0. In the current state of development, Whiteout has mastered mitigation of a large range of security issues. It has matured to a level, where an attacker can only (if at all) revert to social engineering attacks in hopes of meeting his or her goals. Only minor issues remain capable of causing limited damage to the user-base and their encrypted communications.

Providing a secure yet usable mail encryption software is not an easy task and requires consideration of a multitude of attacks, as well as a well-balanced security defense deployed across many levels. It begins on the lower layers of mail reception, mail body parsing and key management, and then moves all the way to the high up handling of the application stack, where a safe, secure and comprehensible UI is required to ensure that the user makes the right decisions. Over the mentioned time period a close collaboration of the Whiteout team with Cure53 was marked by several code audits, concept reviews, discussions and design considerations. Eventually, the software in scope reached the necessary level of maturity, allowing for it to be labeled a 1.0 version without false pretense or an overly quick jump to the first stable major release.

Please follow this link to full the report: https://cure53.de/pentest-report_whiteout.pdf