If you’re making a phone call with your iPhone, you used to have two options: Accept the notion that any wiretapper, hacker or spook can listen in on your conversations, or pay for pricey voice encryption software.
As of today there’s a third option: The open source software group known as Open Whisper Systems has announced the release of Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free. “We’re trying to make private communications as available and accessible as any normal phone call,” says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a “single, unified app for free, easy, open source, private voice and text messaging.”
Signal encrypts calls with a well-tested protocol known as ZRTP and AES 128 encryption, in theory strong enough to withstand all known practical attacks by anyone from script-kiddy hackers to the NSA. But WIRED’s test calls with an early version of the app, after a few false-starts due to bugs that Marlinspike says have now been ironed out, were indistinguishable from any other phone call. The only sign users have that their voice has been encrypted is a pair of words that appear on the screen. Those two terms are meant to be read aloud to the person on the other end of the call as a form of authentication. If they match, a user can be sure he or she is speaking with the intended contact, with no man-in-the-middle eavesdropping on the conversation and sneakily decrypting and then re-encrypting the voice data.
Like any new and relatively untested crypto app, users shouldn’t entirely trust Signal’s security until other researchers have had a chance to examine it. Marlinspike admits “there are always unknowns,” such as vulnerabilities in the software of the iPhone that could allow snooping. But in terms of preventing an eavesdropper on the phone’s network from intercepting calls, Signal’s security protections are “probably pretty great,” he says.
