The Agency's Encrypto
Season 2 of the TV show The Agency depicts a CIA operative using a covert channel, dubbed “Encrypto”, to communicate with her handler. It appears to work by sending messages through an extension or plugin to a money transfer app’s messaging system. The application takes plaintext input and converts it to ciphertext (an encoding of some kind, rather than anything resembling AES or RSA blocks), which the recipient’s application decodes back into plaintext. How such a tool would have to work has some interesting implications, and they are a fun exercise to explore.
The application, rather than the operator, does the encoding and decoding. Somewhere on the computer, therefore, is the codebook or key material, which means it is vulnerable to extraction by an attacker with physical access. We never see any special action taken to put the application into its covert mode, but going by other espionage fiction there may be special key presses or some other way of injecting key material into the software to unlock the code material. That secret knowledge would be the only thing keeping an attacker with physical access from using the decoding mode themselves, and the key material could still be found on disk if it is not protected in some other way. A forensic analysis of the application could also show it differing from the publicly available version (which obviously must exist to keep up the appearance of an innocuous software product) at the binary and hash level, making it a poor tool for tradecraft. Having anything other than genuine applications on a machine, in the presence of a sophisticated attacker, would have been suspicious enough to put the operative at risk.
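To make the “binary and hash level” point concrete, here is an added example (my own code, not anything from the show or from a real vendor): it compares an installed application tree against a vendor-published manifest of SHA-256 hashes and reports patched files, files the vendor never shipped, and files that are missing. The manifest format (one sha256sum-style line per file) and the sample “genuine” and “tampered” file contents are constructed inline so it runs offline.

```python
"""Compare an installed application tree against a published hash manifest.

Added example, not from the post or any real vendor tooling. The manifest
format ("<sha256>  <relative path>" per line, as produced by sha256sum) and
the sample file contents are constructed here so the script runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines into {relative_path: hexdigest}."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, rel = line.split(None, 1)
        manifest[rel.lstrip("*").strip()] = digest.lower()
    return manifest


def compare_tree(root: Path, manifest: dict) -> dict:
    """Classify every file under root against the vendor manifest.

    modified:   present in both, hash differs (a patched binary or plugin)
    unexpected: on disk but not in the manifest (an added plugin or codebook)
    missing:    listed by the vendor but absent on disk
    """
    on_disk = {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in root.rglob("*") if p.is_file()
    }
    modified = sorted(r for r, d in on_disk.items() if r in manifest and manifest[r] != d)
    unexpected = sorted(r for r in on_disk if r not in manifest)
    missing = sorted(r for r in manifest if r not in on_disk)
    return {"modified": modified, "unexpected": unexpected, "missing": missing}


def build_demo():
    """Constructed sample: a 'public' release and a tampered install of it."""
    release = {
        "app.exe": b"genuine payments client v2.1",
        "plugins/chat.dll": b"genuine chat plugin",
    }
    manifest = "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {rel}" for rel, data in release.items()
    )
    install = Path(tempfile.mkdtemp(prefix="encrypto_demo_"))
    installed = dict(release)
    installed["plugins/chat.dll"] = b"genuine chat plugin + covert encoder"  # patched plugin
    installed["plugins/codebook.bin"] = b"KEY MATERIAL SITTING ON DISK"       # extra file
    for rel, data in installed.items():
        p = install / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return install, manifest


def demo() -> dict:
    """Run the comparison on the constructed sample and return the findings."""
    root, manifest_text = build_demo()
    return compare_tree(root, parse_manifest(manifest_text))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Against a real target you would point compare_tree at the install directory and feed parse_manifest the vendor’s published checksum file; anything in “modified” or “unexpected” is exactly the kind of artifact an investigator would pull for closer analysis.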
In the show (spoilers), Iranian intelligence gets screen monitoring software onto her machine, which would definitely have exposed the plaintext to interception while she was communicating. A keylogger installed at the same time would pick up the operative’s input anyway, so there is no way to hide the plaintext when all of the key material is on the machine itself, unprotected! Keeping the key material in the operative’s head would have mitigated all of these vulnerabilities, had it even mattered in the show (nothing comes of the screen monitoring, despite Encrypto being used later!). Going old school and sending only ciphertext across the channel would have kept it all above board and even seemed more plausible than the flawed system they do show. Other characters use anonymous access to Threddit (lol, not in this internet!) to pass messages back and forth, and even if their code was not sophisticated it evaded detection and was not vulnerable to any of the attacks above (other than seeming out of character and suspicious).
Long story short, Encrypto looks like a risk that 18th century techniques would have mitigated, and even improved on. Using covert channels is one thing, but Encrypto does not seem sophisticated enough to make a difference. It would be interesting to see some real covert and clandestine channels depicted!