Slashdot Mirror


Phil Zimmermann's New App Protects Smartphones From Prying Ears

Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."

12 of 121 comments

  1. exceptionally interesting and useful by Anonymous Coward · · Score: 5, Interesting

    for those of us who prize our anonymity. I do hope they'll take Bitcoin for the $20/month they charge.

  2. You mean like Burner for iOS? by SuperKendall · · Score: 5, Informative

    I doubt it. Our apple overlords will categorise this as 'Undesirable' as it allows their phone users to communicate in ways that they want

    It's funny how so many things people seem to doubt Apple would ever approve, actually get approved. Like for instance a virtualized burner phone, an app that provides you a temporary number lasting a week or as long as you see fit.

    There's already a ton of precedent for Apple to approve something like Silent Circle, and a ton of people like yourself in the dustbin of failed predictions claiming Apple will not accept product X because, well, Apple.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You mean like Burner for iOS? by Jessified · · Score: 5, Insightful

      And how many seemingly innocuous apps are denied, when we would predict they should be fine?

      Maybe it will be approved...maybe it won't. Nobody can predict it because their rules are so arbitrary. And that, I imagine, is GP's point.

  3. Re:App store approved? by tlhIngan · · Score: 3, Insightful

    I doubt it. Our apple overlords will categorise this as 'Undesirable' as it allows their phone users to communicate in ways that they want, and not in ways that are overlord approved.

    Given iOS has no APIs for making phone calls without involving the dialler or sending SMSes without invoking Messages, this app would have to be entirely self-contained. Effectively, it's a VoIP phone app that does SMS and MMS, just offering strong encryption.

    And there are plenty of VoIP phone apps on iOS. As are private network "free" texting type apps. This is nothing special other than offering encryption.

    So in the end, it's just another VoIP app, or "free texting" app, of which there are tons. Like say, Skype.

  4. Re:Failsafe encryption requires no MitM by thestuckmud · · Score: 3, Informative

    This isn't Zimmermann's first time around the block. His ZRTP protocol for SIP (VoIP) security includes Short Authentication Strings which can be communicated by voice or even out of channel, as well as shared secrets from previous connections. These offer reasonable protection against man in the middle attacks.
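How a Short Authentication String exposes a man in the middle, as an added example that is not part of the comment above or of any ZRTP implementation: a simplified model, not the RFC 6189 key derivation, in which each endpoint hashes its Diffie-Hellman result into four characters to read aloud. The group parameters and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for this example (not one of ZRTP's key agreement groups).
P = 2**521 - 1   # Mersenne prime
G = 3

Z_BASE_32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # human-friendly base32 alphabet


def keypair():
    """Return (private exponent, public value) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_secret(my_priv, peer_pub):
    """Hash the Diffie-Hellman result into a fixed-size session secret."""
    dh = pow(peer_pub, my_priv, P).to_bytes(66, "big")
    return hashlib.sha256(dh).digest()


def sas(secret):
    """Render the leftmost 20 bits of a hash of the secret as 4 characters."""
    digest = hashlib.sha256(b"SAS" + secret).digest()
    value = int.from_bytes(digest[:4], "big") >> 12
    return "".join(Z_BASE_32[(value >> s) & 31] for s in (15, 10, 5, 0))


def call(mitm=False):
    """Simulate one call setup; return the SAS each endpoint would display."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if mitm:
        # The interceptor substitutes its own public value in both directions,
        # so each endpoint unknowingly agrees on a key with the interceptor.
        _, m_pub = keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    return sas(session_secret(a_priv, a_sees)), sas(session_secret(b_priv, b_sees))


if __name__ == "__main__":
    print("direct call :", call(mitm=False))   # both strings match
    print("intercepted :", call(mitm=True))    # strings differ when read aloud
```

The real protocol also makes the initiator commit to its key exchange value by hash before seeing the peer's, which is what stops an interceptor from searching for values that collide on such a short string.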

  5. so excited. by ctime · · Score: 5, Insightful

    "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides the illusion of industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS.

    There, fixed it for you.

    Does anyone really think any application that is layered on top of iOS is free from interception? Everything is an API, all hidden away, and as much as I love Apple, there is no way in hell I would trust any application running on that device to be free from covert interception (keyboard, voice, you name it). I'm not saying that app doesn't encrypt and do all the right things when transmitting over a network, but I'm going to assume everything is compromised locally on the phone.

    And not to be a tin foil hatter, but really, who pays for this stuff and paid these guys' salaries in the past anyways (hint, it was your famous uncle).

  6. Re:Much easier ways by AHuxley · · Score: 4, Interesting

    The phone gives you movement, address books, links to others, the home computer - it's everything any LEO has wanted over the electronic generation -
    A beacon, trap and trace, a microphone, a camera lab (as in pictures taken, shared, gps, unique data in every image to find other images you took and posted)...
    As for any encryption - detailed keystroke logs, clear-text captures of passwords were offered by diagnostic options shipped in many US telco offerings.
    You had the 'mic on' remote dial in, spyware in the cell phone infrastructure - when will a generation learn to put down their small versions of ENIGMA?
    As for "your device to record anything going to your mic?"
    The classic case was the NSA and GCHQ - let us work in the dark and we can predict the future ... federal political leaders get a heads up on terms of interest from around the world.
    Then you had federal police asking for non court help with encryption, tracking...
    Then for logs, recordings ... then for closed court voice recordings..
    Then high profile cases... state task forces.. fusion centers... the press reports on recordings ...
    At some point the court magic stops and that next person of interest takes the battery out.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Does it encrypt REAL phone calls? by gnoshi · · Score: 4, Interesting

    While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
    Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls?

    There are already several solutions out there for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple supports ZRTP for key exchange (or 'of course' a free, open-source ...)
    However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON), and there are many papers on the topic of data-over-GSM-voice, but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.

    On the SMS front, there is already TextSecure for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).

  8. Re:Whatever by gweihir · · Score: 4, Interesting

    That is another valuable experience Zimmermann brings to the table: They tried pretty hard to suppress PGP and he prevailed. I remember that in order for him to not go to jail, it was exported as a printed book and then scanned in Europe. He used the stupidity of the US bureaucracy against them. Development continued outside of the US afterwards. That was the time when the US snoops wanted backdoors into any crypto.

    I think it will be interesting to watch, but I expect he will make it again.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  9. You betray yourself by Anonymous Coward · · Score: 5, Insightful

    "There's already a ton of precedent for Apple to approve something like"

    "ton of precedent"
    and
    "something like"

    Really give away your lack of confidence in your own argument. Let me state something so you can see the difference.

    "The application WILL be approved for sale on Android, that is inevitable as day follows night."

    There, and that's why Apple will ultimately fail. Because even the fanboys don't have confidence in Apple making the decision they think is right.

  10. Pointless by aaaaaaargh! · · Score: 3, Insightful

    The company is US-based. No matter how renowned the makers of this software are, under the Patriot Act they can be forced to secretly put backdoors into their apps and never tell anyone. For this reason alone the encryption is worthless, and possibly even dangerous for companies outside the USA that have to guard trade secrets.

  11. Re:Whatever by muckracer · · Score: 3, Insightful

    >> and Ron Paul elected president before this will happen.

    > FOUR MORE WEEKS, FOUR MORE WEEKS...!! :-D

    Of course this was meant as a joke. ;-)
    We all know, that in reality Gary Johnson (L) will be elected President! And then we don't need to encrypt our phone calls anymore...at least not because of the government snoops, because Pres. Johnson has shut them all down! :-)