Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsAndroidWho here uses NQ Vault for "security"?
freitasm

BDFL - Memuneh
79310 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#171096 6-Apr-2015 13:51
Send private message

It just happens NQ Vault encryption is an XOR operation and only of the first few bytes.

Not only that but "experts" gave praise to this crap (from the app's Google Play page):

 

  • The most popular app with over 30 million users worldwide
  • CTIA - "The Best App of CTIA by the Techlicious 2012 Best of CTIA Awards"
  • PC Magazine - "PC Magazine Best Apps"
  • TRUSTe - Received "TRUSTe Privacy Seal"
  • Global Mobile Internet Conference App Space - "A top 50 app"

Security snake oil... Not linking to the app page brecause who needs to give this any more links?




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

Create new topic
nzgeek
618 posts

Ultimate Geek


  #1277876 6-Apr-2015 14:59
Send private message

I read the write-up by the guy who broke at the encryption (not that there was much to break). It really is quite laughable, as no matter what PIN you enter our how long it is, out will take a maximum of 256 attempts to break. And given that only the first 128 bytes are "encrypted", you may not even need to "break the encryption" to get at the good stuff.

Looking at those awards and commendations, most of them are complete bupkiss anyway. The only one that should mean anything is TRUSTe, and if they can't pick up such obvious snake oil then it casts everything beating their seal into serious doubt.



nzgeek
618 posts

Ultimate Geek


  #1277888 6-Apr-2015 15:36
Send private message

Just following on from what I wrote above, I've done a bit of a check to see if I can find out anything more about the app, particularly if better encryption is used when you pay for the premium version. There's absolutely no credible information out there at all. I've found a single app review that mentions 128-bit AES encryption, and the only correct bit of that is the number 128.

What I did find was quite some number of "top app list" articles that include NQ Mobile Vault, mostly dating from 2012. It looks like the entire security check in pretty much every review consists of "When I protect the file it disappears, and when I unprotect it the file comes back." No real analysis, just a few vague words from people who probably thing that Twofish is something you catch with a rod and reel.

If you want to use a file encryption app, make sure you choose one that tells you how the files are protected. Look for well-known algorithms like RSA, AES (Rijndael), Blowfish, Twofish, IDEA, or 3DES (TripleDES). Ignore anything that doesn't say what it uses, or which days that it uses a "proprietary" algorithm. The only thing that should be secret are your passphrase and the files.

Rikkitic
Awrrr
18665 posts

Uber Geek

Lifetime subscriber

  #1277895 6-Apr-2015 16:06
Send private message

This is way after my time, but many many moons ago I developed some early anti-virus software, which resulted in my getting a gig doing security software reviews for a local PC mag (this was in Europe).

At that time viruses were just entering the news in a big way and there was the usual hysterical running in circles by companies like our local telecom and others with IT departments. There was also a corresponding rush by ‘security’ companies to bring out products to address these issues. This was still in the days of MS DOS and I was fairly adept with Assembly (not common even then), which gave me insight into systems-level programming tricks and the ability to see what software programmed in higher languages was actually doing at the machine level.

As a result, I produced some pretty scathing reviews of some much-hyped security software. I remember one very upset importer of a Russian product, who accused me in an angry letter to my editor of not knowing what I was talking about. Since I could see and follow the actual hex code I was able to come back with a detailed, point-by-point rebuttal that also made clear that the product’s advertising was full of outright lies. For example, the packaging loudly proclaimed that the product did not use virus signatures, but some new magical algorithm instead. Yet I could see the (unencrypted) list of signatures in the database code, and they weren’t even very good. I also demonstrated that the program was missing two-thirds of the viruses it was supposed to detect.

Yet this and other similar products received rave reviews from other publications. I soon realised that the reviewers had no understanding of code and truly no idea what they were talking about, and in desperation they were quoting each other to make it seem like there was some kind of consensus. I find it amusing to see that nothing has changed since that time.




Plesse igmore amd axxept applogies in adbance fir anu typos

 


 

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright