Free app allows encryption of mobile conversations
04 Mar 2015
People looking to secure their online messages can skip Apple's iMessage and instead encrypt their Apple iTexts using Moxie Marlinspike's Signal 2.0, released for iOS today.
What is unique about Signal is that owners of Apple's mobile devices could also send encrypted messages to people who had a compatible app installed on devices running Android, Google's mobile operating system.
The latest version of the encryption application can slap end-to-end encryption on text messages using the TextSecure protocol sent between Signal 2.0 clients.
The Signal version 1 had already supported encrypted phone calls.
Marlinspike would now work on redeveloping the popular RedPhone and TextSecure apps for Signal 2.0 for Android, and release a desktop version for PC users.
''It is now possible to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android, all without SMS and MMS fees,'' Marlinspike says.
''We cannot hear your conversations or see your messages, and no one else can either.
''Everything in Signal is always end-to-end encrypted, and painstakingly engineered in order to keep your communication safe.''
Marlinspike told ThreatPost, the app allowed for verification of encryption keys making it easy to detect man-in-the-middle attackers.
Marlinspike said the free app was designed from the ''ground up'' for mobile environments, adding incoming calls were fully asynchronous.
Users can send encrypted text messages to other iPhone users who had Signal and to Android users who ran the TextSecure app on their phones. Also one did not have to pay individual fees for each message, as the new text message encryption feature came on top of Signal's existing ability to encrypt mobile phone calls.
Phone calls and text message encryption was critical for many people, in the backdrop of mounting concerns over government snooping since whistleblower and former NSA contractor Edward Snowden released confidential documents showing wide-scale data collection on the part of the agency. Also more reports continue to emerge.
The National Security Agency and its British counterpart, the Government Communications Headquarters, faced accusations of hacking into the internal network of SIM card maker Gemalto and stealing the encryption keys used to secure those cards.
Also a report in February by security vendor Kaspersky revealed the existence of an organisation called the The Equation Group, which could access the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron and Samsung to plant spyware.