The NationalSecurity Agency (NSA) and the (British) Government Communications Headquarters (GCHQ) have been accused of hacking into servers and SIM cards to obtain access to text messages. “Man in the middle attack” is also a problem, and can occur when using an un-encrypted, wifi-based text messaging service. If an individual hacks into the wifi network, the person can access text messages.
Encryption is therefore increasingly the only way to maintain a sense of privacy, and while it’s traditionally been difficult for non-techies to understand, new high-quality, user-friendly software has become available. Most notably, app developer Open Whisper Systems recently released an updated version of their encryption app Signal for iPhones and Android phones. In the app, entitled Signal 2.0, supported encrypted text messages use a protocol called TextSecure, which allows users to communicate using voice and text knowing nothing will be intercepted over the internet.
The app encrypts data when sending text messages as long as the person receiving the text is also running Signal 2.0. The app is celebrated as offering “peace of mind,” and unlike similar products, it features an open source code for expert inspection. It also supports “forward secrecy,” which prevents hackers from decrypting old messages should they steal encryption keys.
Signal 2.0 offers extra security for iPhone users, as it’s the “one place” where all their communications are always fully encrypted. Other apps, such as Apple’s iMessage, may utilize strong encryption tactics, but only when there’s a proper data connection between two Apple devices. When this is not the case, the app reverts to insecure SMS messaging. The app doesn’t feature forward secrecy or an inspectable source code, either.
Another Signal 2.0 advantage? It allows “power users” to verify whom they’re communicating with, which provides confirmation that the encryption isn’t being hacked. Using iMessage means “taking Apple’s word for it.”
Open Whisper Systems and its founder Moxie Marlinspike are enjoying growing reputations for blending reliable encryption with the convenience of mobile. The company also recently partnered with the makers of WhatsApp to add encryption to the messaging product.
“We want to make private communication simple,” says Marlinspike, who designed the encryption protocols behind his company’s apps. “Our objective is to do new cryptographic research and development that advances the state of the art while simultaneously making it frictionless and accessible for anyone.”
The app is currently split into two options for Android users--TextSecure for private messaging and RedPhone for private calls. “We’re working towards a single unified Signal app for Android, iPhone and the desktop,” says Marlinspike.
Encryption tools are only as good as the devices they’re installed on, but Signal 2.0 is still paving the way to make spying on billions of people nearly impossible.