Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

'Signal' for iOS Lets Users Make Encrypted Voice Calls for Free

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,535
30,842



Open source software group Open Whisper Systems today released a new encrypted phone app called Signal, which is designed to allow its users to make secure calls on the iPhone at no cost.

Using end-to-end encryption, Signal secures iPhone conversations so third-parties cannot listen in. Signal uses a caller's standard phone number to make and receive calls, and all Signal calls function like a normal phone call using WiFi or data connections.

According to a blog post on the Open Whisper Systems site, Signal uses ZRTP, a widely-used secure voice communication protocol and sends push notifications when phone calls are received to save battery life. It's open source software, which allows anyone to improve the code and contribute to app improvements.

signalapp.jpg
Setting up Signal is simple, and users only need to enter a phone number and confirm it by entering a six-digit confirmation code (sent by SMS or phone call) to begin using the app. Contacts are automatically imported after a phone number is entered, but only contacts that have the Signal app will be listed. Placing a call to a user who does not have Signal installed will prompt users to send an invite via SMS.

When initiating a phone call using Signal, the two people communicating can be assured that their phone calls are secure through a pair of words shown on the screen of the caller and the person being called. The two exchange their on-screen words to verify that the words match, signaling that a secure connection has been implemented. Were someone listening into a phone call, the two words would not match up.

In an interview with Wired, Open Whisper Systems founder Moxie Marlinspike said the team's goal was to make secure phone calls as easy to place as regular phone calls. Encrypted text messages will also be added to the app in the future.
"We're trying to make private communications as available and accessible as any normal phone call," says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a "single, unified app for free, easy, open source, private voice and text messaging."
Click to expand...
Wired tested the app during the development phase and aside from a few early bugs, determined calls were "indistinguishable from any other phone call," and MacRumors had the same results when testing the app. Signal also works Open Whisper Systems' RedPhone app for Android, allowing both iOS and Android users to make secure calls with one another.

Signal can be downloaded from the App Store for free. [Direct Link]

Article Link: 'Signal' for iOS Lets Users Make Encrypted Voice Calls for Free
 
Article Link
https://www.macrumors.com/2014/07/29/signal-encrypted-voice-calls/
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,390
19,458
What exactly is a normal phone call over data? Does that mean a call that isn't normal but a VoIP call essentially?
 
Mwongozi

Mwongozi

macrumors member
Sep 17, 2007
54
43
Woodside, CA
Cross-platform

The "Isn't FaceTime encrypted?" folks are missing the point.

This is cross-platform - you can call people using "RedPhone" on Android.

The upcoming TextSecure support will also let you send encrypted texts (similar to iMessage) to Android users.
 
oplix

oplix

Suspended
Jun 29, 2008
1,460
487
New York, NY
Yea, remember how safe people thought Tor was? Then they found out the feds were actually targeting the people who used it.
 
SeaFox

SeaFox

macrumors 68030
Jul 22, 2003
2,619
954
Somewhere Else
lucascantor said:
Isn't FaceTime encrypted, or am I missing something here?
Click to expand...

You can't trust Apple. No, I don't care how much you love Apple. You're deluding yourself if you think they'll keep you secure.

Any corporation is going to simply hand over the keys when a NSL comes their way. The alternative is to self destruct like Lavabit -- and if you've followed their story since then even that still gets you harassed by the government.
 
R

robinbanks

macrumors newbie
Jul 29, 2014
1
0
lucascantor said:
Isn't FaceTime encrypted, or am I missing something here?
Click to expand...

Signal is the difference between "won't eavesdrop" and "can't eavesdrop." Apple's whitepaper on iMessage and FaceTime encrytption confirmed that, even though calls and messages are technically encrypted, Apple can selectively choose to intercept plaintext calls and messages if they wish. This is roughly similar to how a normal telco operates, and puts us in the position of having to trust Apple to behave appropriately.

Signal, in addition to being cross platform, moves the bar from "won't eavesdrop" to "can't eavesdrop." The Signal developers do not have the ability to selectively intercept calls, so we don't have to trust them.
 
PocketSand11

PocketSand11

macrumors 6502a
Jun 12, 2014
688
1
~/
robinbanks said:
Signal, in addition to being cross platform, moves the bar from "won't eavesdrop" to "can't eavesdrop." The Signal developers do not have the ability to selectively intercept calls, so we don't have to trust them.
Click to expand...

Edit: I originally said that you can't trust that the binary you get from the App Store is free of backdoors. But you could be guaranteed safety by downloading the source code, compiling it, and checking to make sure it matches the binary from the App Store bit-to-bit.

There was some software for Mac I remember that was open source, but all the binary downloads were malicious. I can't remember the name.

----------
John.B said:
Or surreptitiously disable certificate validations, to facilitate eavesdropping. Re: OpenSSL and GoToFail.
Click to expand...

It's not nearly as bad as what can happen in closed source software. Security flaws and intentional backdoors go unnoticed. If, say, Age of Empires II unexpectedly had its source released tomorrow, botnets would be created that night via infections through online games.
 
Last edited:
lotzosushi

lotzosushi

macrumors 6502
Jan 10, 2007
432
401
Encrypted and routed safely through NSA/FBI/CIA servers to the person you're calling. =)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom