Open source software group Open Whisper Systems today released a new encrypted phone app called Signal, which is designed to allow its users to make secure calls on the iPhone at no cost.
Using end-to-end encryption, Signal secures iPhone conversations so third-parties cannot listen in. Signal uses a caller's standard phone number to make and receive calls, and all Signal calls function like a normal phone call using WiFi or data connections.
According to a blog post on the Open Whisper Systems site, Signal uses ZRTP, a widely-used secure voice communication protocol and sends push notifications when phone calls are received to save battery life. It's open source software, which allows anyone to improve the code and contribute to app improvements.
Setting up Signal is simple, and users only need to enter a phone number and confirm it by entering a six-digit confirmation code (sent by SMS or phone call) to begin using the app. Contacts are automatically imported after a phone number is entered, but only contacts that have the Signal app will be listed. Placing a call to a user who does not have Signal installed will prompt users to send an invite via SMS.
When initiating a phone call using Signal, the two people communicating can be assured that their phone calls are secure through a pair of words shown on the screen of the caller and the person being called. The two exchange their on-screen words to verify that the words match, signaling that a secure connection has been implemented. Were someone listening into a phone call, the two words would not match up.
In an interview with Wired, Open Whisper Systems founder Moxie Marlinspike said the team's goal was to make secure phone calls as easy to place as regular phone calls. Encrypted text messages will also be added to the app in the future.
"We're trying to make private communications as available and accessible as any normal phone call," says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a "single, unified app for free, easy, open source, private voice and text messaging."
Wired tested the app during the development phase and aside from a few early bugs, determined calls were "indistinguishable from any other phone call," and MacRumors had the same results when testing the app. Signal also works Open Whisper Systems' RedPhone app for Android, allowing both iOS and Android users to make secure calls with one another.
Signal can be downloaded from the App Store for free. [Direct Link]
Top Rated Comments
One day you might like to communicate with someone who doesn't have an iPhone.
Signal is the difference between "won't eavesdrop" and "can't eavesdrop." Apple's whitepaper (http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf) on iMessage and FaceTime encrytption confirmed that, even though calls and messages are technically encrypted, Apple can selectively choose to intercept plaintext calls and messages if they wish. This is roughly similar to how a normal telco operates, and puts us in the position of having to trust Apple to behave appropriately.
Signal, in addition to being cross platform, moves the bar from "won't eavesdrop" to "can't eavesdrop." The Signal developers do not have the ability to selectively intercept calls, so we don't have to trust them.