Security Policy - TerminaLLM

Overview

TerminaLLM is a mobile SSH terminal client designed with security as a core principle. This document describes our security model, implemented protections, and guidelines for secure usage.

Security Architecture

Threat Model

TerminaLLM handles sensitive SSH credentials and provides access to remote systems. Our security design addresses:

Credential Theft: Attackers gaining access to stored credentials
Man-in-the-Middle (MITM): Attackers intercepting SSH connections
Device Compromise: Attackers with physical or malware access to the device
Brute Force: Attackers attempting to guess MFA codes
Session Hijacking: Attackers attempting to take over authenticated sessions
Shoulder Surfing: Visual observation of credentials or terminal content

Security Principles

Credentials Not Stored by Default: SSH passwords are entered at connection time and cleared from memory immediately after use. Users may opt in to the Credential Vault, which encrypts credentials locally using AES-256-GCM with HKDF-Expand key derivation and per-credential random nonces, with configurable TTL expiry
Defense in Depth: Multiple layers of security (MFA, biometrics, encryption)
Minimal Privilege: App requests only necessary permissions
Fail Secure: On errors, default to denying access
Transparent Security: Users informed of security events via audit logs

Implemented Security Controls

Authentication

TOTP MFA: Mandatory time-based one-time passwords (RFC 6238)
Biometric Auth: Optional Face ID / Fingerprint as secondary factor
Rate Limiting: TOTP: 5 failed attempts triggers 2-minute lockout (persistent). Connection rate limiting per security profile: Paranoid: 3/min, 10-min lockout. Casual: 5/min, 5-min lockout. Speedster: 10/min, 1-min lockout.
Code Reuse Prevention: TOTP codes cannot be reused within time window
Session Timeout: Re-authentication required after inactivity

Credential Protection

No Default Password Storage: Passwords not stored by default; opt-in Credential Vault available
Credential Vault (Opt-in): AES-256-GCM authenticated encryption with HKDF-Expand key derivation and per-credential random nonces, configurable TTL
Secure Memory Clearing: Credentials zeroed after use
Platform Encryption: Platform-native encrypted storage
Clipboard Auto-Clear: Clipboard cleared automatically after paste (default 3 seconds, configurable per security profile: Paranoid 3s, Casual 10s, Speedster disabled)

Connection Security

SSH Host Key Verification: SHA256 fingerprints stored and verified
MITM Detection: Warning on host key change
Connection Timeout: 30-second timeout prevents hanging
Keep-Alive: Prevents server-side timeout disconnections

Device Security

Jailbreak/Root Detection: Warns on compromised devices
Screen Capture Prevention: Platform-native screenshot blocking
Developer Mode Warning: Alerts when developer mode enabled

Port Forwarding Security

Localhost-only binding: Tunnels bind exclusively to 127.0.0.1, preventing remote network access
Audit trail: Tunnel creation, stop, and errors logged as security events
Auto-cleanup: All tunnels stopped on SSH disconnect or app dispose

Jump Host Security

Credential clearing: Jump host password, private key, and passphrase cleared from memory immediately after SSH handshake
Host key verification: Both jump host and target host keys independently verified against stored fingerprints
Self-reference prevention: UI prevents selecting a profile as its own jump host (circular reference)
Vault-based credentials: Jump host credentials resolved from vault at connection time, never passed through navigation
Inline credential fallback: When vault is disabled or empty, jump host password can be entered inline on the connect form without storing it

Media Drop Security

File permissions: All uploaded files set to chmod 600 (owner read/write only)
No local caching: Media files streamed to server, not stored on device
Audit logging: Upload events logged with source type, path, and file size
On-demand permissions: Camera and photo library access requested only when feature is used

Speech-to-Text Security

Dual speech engines: Two engines: Built-in uses platform STT (Apple/Google — may send audio to their servers for processing). Whisper runs fully on-device via whisper.cpp — no audio leaves the device. Users choose in Settings.
No audio storage: TerminaLLM never permanently stores audio. Whisper mode creates a temporary WAV file that is deleted immediately after transcription.
On-demand permissions: Microphone access requested only when the mic button is tapped
Text-only output: Recognized text is written to the terminal; no audio intermediate stored

AI Chatbot Security

No server-side message storage: Proxy server processes requests in real-time; conversation content is never logged or persisted
JWT device authentication: Per-device tokens (HS256, 365-day expiry) with no personal information
Encrypted local storage: Conversation history and proxy tokens stored in platform-native encrypted storage
Rate limiting: AI chatbot is available to Pro subscribers only. The proxy server enforces subscription tier checks per device
HTTPS-only: All proxy communication uses HTTPS (enforced by Google Cloud Run)

iOS Live Activities Security

Lock Screen data exposure: Live Activities display server name, AI tool, state, and file counts on the Lock Screen without device unlock. Users should be aware that bystanders can see active session metadata
App Group isolation: Session data is written to an iOS App Group shared container accessible only to the app and its widget extension — not to other apps
Auto-expiry: Live Activities end automatically on disconnect or after 8 hours (iOS system limit)
No credentials exposed: Live Activities never display passwords, keys, usernames, or IP addresses — only display name, tool name, and aggregate counts

Audit & Monitoring

Security Event Logging: 1,000 events retained
Connection Logging: All connection attempts logged
Host Key Events: Verification decisions logged
Export Capability: Audit logs exportable as JSON

Cryptographic Standards

TOTP Generation: HMAC-SHA1 (RFC 6238)
Host Key Fingerprint: SHA-256 (OpenSSH format)
Credential Storage: AES-256-GCM (platform-native encrypted storage)
Credential Vault Key Derivation: HKDF-Expand / HMAC-SHA256 (RFC 5869)
Credential Vault Encryption: AES-256-GCM (NIST SP 800-38D, per-credential random nonce)
Backup Encryption: AES-256-GCM (NIST SP 800-38D)
Backup Key Derivation: PBKDF2-HMAC-SHA256, 600,000 iterations (RFC 2898). Legacy v1 backups used 150,000 iterations
SSH Transport: Various (negotiated per SSH Protocol)

Security Event Types

The following events are logged to the audit trail:

appLaunch - Application started
appResumed - Application resumed from background
authSuccess - Successful authentication
authFailed - Failed authentication attempt
biometricReauthSuccess - Biometric re-authentication succeeded
biometricReauthFailed - Biometric re-authentication failed
termsAccepted - User accepted terms of service
connectionAttempt - SSH connection initiated
connectionSuccess - SSH connection established
connectionFailed - SSH connection failed
hostKeyVerified - New host key accepted
hostKeyRejected - Host key rejected by user
hostKeyChanged - Changed host key detected (potential MITM)
hostKeyMismatchAutoReconnect - Host key mismatch during auto-reconnect
rateLimitTriggered - Rate limiting activated
lockoutTriggered - Account locked out
sessionTimeout - Session expired due to inactivity
sessionResume - User resumed an authenticated session within grace period
sessionClear - User session cleared
deviceCompromisedWarning - Jailbreak/root detected
profileChanged - Security profile changed
vaultCredentialStored - Credential stored in vault
vaultCredentialRetrieved - Credential retrieved from vault
vaultCredentialExpired - Vault credential expired due to TTL
vaultCredentialCleared - Individual vault credential cleared
vaultAllCleared - All vault credentials cleared
vaultStoreRetry - Vault store operation retried
vaultTamperingDetected - Vault integrity check failed (potential tampering)
mediaDropUploaded - Photo/file uploaded to remote server via Media Drop
sessionResumed - User resumed a stored dtach session
inputWaitDetected - AI assistant detected waiting for user input
tunnelCreated - Port forwarding tunnel started
tunnelStopped - Port forwarding tunnel stopped
tunnelError - Port forwarding tunnel failed (bind error, SSH error)
jumpHostConnected - Successfully connected through a jump host
jumpHostFailed - Jump host connection failed
backupCreated - Encrypted backup file created
backupRestored - Backup file restored
sftpFileDownloaded - File downloaded via SFTP
sftpFileUploaded - File uploaded via SFTP
sftpFileDeleted - File deleted via SFTP
sftpDirectoryCreated - Directory created via SFTP
sftpDirectoryDeleted - Directory deleted via SFTP
sftpFileRenamed - File renamed via SFTP
sftpFileCreated - File created via SFTP
developerPatStored - Developer personal access token stored
developerPatCleared - Developer personal access token cleared

Secure Usage Guidelines

For Users

Verify Host Keys: Always verify SSH fingerprints match expected values
Secure Your Device: Use device passcode, keep OS updated
Protect MFA Secret: Don't screenshot or share your TOTP QR code
Review Audit Logs: Periodically check for unauthorized access attempts
Avoid Public Networks: Use VPN when on untrusted networks
Report Issues: Contact us immediately if you suspect compromise

For Enterprise Deployment

MDM Integration: Deploy via Mobile Device Management
Compliance Review: Consult compliance team for regulated environments
Network Security: Ensure SSH traffic is monitored/logged at network level
User Training: Educate users on security features and best practices
Incident Response: Include app in security incident procedures

Known Limitations

No End-to-End Encryption Verification: App trusts SSH cipher negotiation
Device Trust: Security depends on device integrity
No Remote Wipe: No capability to remotely disable compromised instances
Single User: No multi-user or role-based access control
Local Audit Only: Audit logs stored locally only
Dart GC Memory Limitation: Dart's garbage collector may retain copies of credential data in heap memory even after explicit zeroing. Platform-level device encryption and sandboxing mitigates this risk

Vulnerability Disclosure

Reporting Security Issues

If you discover a security vulnerability, DO NOT create a public GitHub issue.

Instead, email us with:

Description of the vulnerability
Steps to reproduce
Potential impact
Any suggested fixes

security@terminallm.app Send Email

Response Timeline

Acknowledgment: Within 48 hours
Initial Assessment: Within 7 days
Fix Timeline: Based on severity
- Critical: 24–48 hours
- High: 7 days
- Medium: 30 days
- Low: 90 days

Recognition

We appreciate responsible disclosure and will:

Credit reporters in release notes (unless anonymity requested)
Consider bug bounty for critical issues (at our discretion)

Security Certifications

Currently, TerminaLLM has not undergone formal security certification (SOC 2, ISO 27001, etc.). The security controls documented here represent our best-effort implementation.

For regulated environments (HIPAA, PCI-DSS, FedRAMP), please conduct your own security assessment before deployment.

Updates & Changelog

Security-relevant changes will be documented in:

Release notes
This security policy
GitHub security advisories (for vulnerabilities)

Contact

Security Issues:

security@terminallm.app

General Questions:

support@terminallm.app

GitHub: github.com/terminallm-issues/.github/issues

Last Security Review: March 20, 2026