It may not come as a surprise to most of our readers but cell phone calls are in no way secure. If there’s one thing that the NSA domestic spying has brought to light, it’s that too many of our personal private calls can be easily intercepted. If the NSA is not spying on you, it could be your local police, or even an ingenious hacker with a portable cell tower. It matters not whether you need to share company secrets, do not want to part of the police surveillance state, or just want to talk privately to family and friends. This illustrates how important it is for you to have a way to communicate securely, both with text and voice. This is exactly why Whisper Systems was founded to provide secure text and voice communications for the masses.
Founded in 2010, Whisper Systems was a small security startup started by Moxie Marlinspike (not his real name) and Stuart Anderson. In May 2010 they released their first two mobile apps for Android: RedPhone and TextSecure. After they released these apps, Twitter took an interest in the new start-up and its two talented founders and in November 2011 they acquired both. Our review found that Twitter initially took the Whisper System apps offline but by July 2012 Twitter had re-released both apps under general public license version 3 (GPLv3).
After working for the Twitter security team for some time, Marlinspike left the company and in early 2013 founded the Open Whisper Systems project to create an open-source collaborative environment to work on providing private and secure communications for mobile users. The RedPhone and TextSecure apps for Android were its initial focus but in July 2013 Moxie announced that they were working on an app to make secure calls using the iPhone.
Open Whisper Systems is coming to iPhone!
Our review found that the first official release of Signal for iPhone was in late July of 2014. For the first time, iPhone users could enjoy the privacy and security that RedPhone users had when making phone calls. Additionally, calls made from RedPhone for Android were compatible with those sent from Signal for iPhone. This meant that RedPhone users could make secure, encrypted calls to Signal Users and vice-versa without incurring any long distance charges. At the same time, he also announced some other projects that Open Whisper Systems was also working on including integration of TextSecure into the newly released iPhone app. In his own words:
Signal will be a unified private voice and text communication platform for iPhone, Android, and the browser. Later this summer, Signal for iPhone will be expanded to support text communication compatible with TextSecure for Android. Shortly after, both TextSecure and RedPhone for Android will be combined into a unified Signal app on Android as well. Simultaneously, browser extension development is already under way.
In June 2014, Secure Messaging Scorecard, a project of the Electronic Frontier Foundation (EFF) gave the Signal for iPhone app from Open Whisper Systems 7 out of 7 checks. They received checks for being encrypted in transit, being encrypted so that the provider could not read it, providing a way to authenticate contacts’ identities, having forward secrecy of past communications if the keys are stolen, having the code independently reviewed, documenting the security used by the Signal app, and being recently audited. The Signal for iOS app is free and fully open source under GPLv3. This means anyone is free to use, modify, and make improvements to the code.
Secure Communication with Signal for iOS
In March of 2015, Signal 2.0 was released with integrated support for TextSecure. At this time, Signal became an encrypted voice calling and instant messaging application for iOS with support for iPhone, iPod, and iPad. Finally iOS users could take full advantage of the features of both TextSecure and RedPhone in one application. Signal 2.0 is compatible with both RedPhone and TextSecure for Android. Not only can Signal for iOS users make secure, encrypted calls with RedPhone users, but also send end-to-end encrypted text, picture, group, and video messages to TextSecure users. This lets Signal users avoid long distance rates, as well as, SMS and MMS (Small Message Service) and (Multimedia Message Service) fees from their carrier. Our review of Signal 2.0 found that it blends private phone calls and private messaging into a single, frictionless interface on your iPhone or iPad. This lets you quickly organize all of your conversations using your inbox while at the same time archiving all of your communications (voice, text, pictures, and video).
Signal is easy to use because it uses your existing phone number and address book and requires no other passwords or PINs. It allows you to make private phone calls over the Internet to your friends and family anywhere in the world without long-distance charges. Phone calls between those with either Signal for IOS or RedPhone for Android are encrypted end-to-end with the keys being kept on the local devices. Consequently, the call cannot be seen even by the Open Whisper servers. Calls use push technology so you will always know when they arrive and they are always waiting for you even if your battery dies or you temporarily lose your connection.
Installing and registering the Signal app on your iOS device:
- Step 1 – Download the Signal app from the iTunes app store and install it
- Click to download and accept the Terms of Service by selecting “Accept.”
- The app will download and install automatically.
- Step 2 – Configuration and initial setup
- Register your phone – enter your phone number and click “verify this device”
- You will receive an SMS message with 6 digit code to verify your registration
- If no SMS is received, you can select to hear an automated 6 digit voice code.
- Verify your registration
- Register your phone – enter your phone number and click “verify this device”
To make a call using the application select the phone icon in the contact you want to call. Once the connection is made, both parties will see two words on the screen. You can use these to verify that the call is secured as they should be the same on both. That is all there is to making an end-to-end privately encrypted call using the Signal app as long as both parties run either RedPhone or Signal. Sending a text message is just as easy using the app, simply click on the contact you want to send the message to. If the recipient does not run the previously mentioned TextSecure, Android alternative OS CyanogenMod, or Signal, you will be asked if you would like to invite them via SMS, but you will not be allowed to complete your call or send a message to them from inside Signal. The below image illustrates a couple of screenshots for the Signal messenger app.
Our review found that Signal is optimized for speed. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize call latency. Signal for iOS uses the state-of-the-art Axolotl protocol for its text messaging. Also, Signal uses the ZRTP protocol to setup an encrypted VoIP channel for voice calls and SRTP for call encryption using AES-128 in CBC mode. The ZRTP protocol was developed by Silent Circle co-founder Phil Zimmermann. Furthermore, since the keys are racheted and regenerated for each session, the messages benefit from both forward secrecy and future secrecy.
This allows the app to maintain excellent performance without compromising its encryption strength while providing you with a seamless way to communicate, be it by voice or text.
Signal Review: Conclusion
Open Whisper Systems is a community volunteer and privately funded project that has grown out of the need for secure, encrypted, easy to use privacy apps for mobile devices. One of its current projects is Signal Private Messenger for iOS, a mobile app which allows its users to make secure, encrypted VoIP phone calls, send text messages, pictures, videos, or audio files using Wi-Fi or data over the Internet to other Signal users. It also gives them a secure, cross-platform tool that allows them to communicate with Android users who have either RedPhone or TextSecure installed, as well as, Android users of the alternative Android OS CyanogenMod. Using Signal on your iOS device will allow you to make secure, private calls to your friends or family, as well as, send encrypted messages to your business colleagues.
Both the phone calls you make and the multimedia messages you send will be end-to-end encrypted with keys only found on the local devices. This means that no one, not even the team at Open Whisper Systems can see your text or listen to your call. Once these app(s) are installed, they are integrated seamlessly with the device’s (Android or iOS) regular dialer and contact list so that anyone can easily use them to take back their privacy when making phone calls or texting with friends and family. The security they present also makes them ideal for business users. All three apps are free and open-source under the general public license version 3 (GPLv3). Open Whisper Systems is currently working to develop a TextSecure browser extension. We recommend that you try the app(s) for yourself and recover the privacy you once had when texting or making a phone call.