The strength of Apple’s iMessage end-to-end encryption has been tested by whitehat hackers who, in 2013, figured out the method behind it and revealed that Apple controls the encryption key base and could, thus, be forced by court order to turn over messages.
Apple’s current CEO, Tim Cook, denied these charges last September at a conference, but in any case, trust in the security of messages being sent over iMessage has not been 100% since.
Enter Moxie Marlinspike, a computer security researcher, and his company Open Whisper Systems, who have released version 2.0 of the free ‘Signal’ application for Apple iOS — now including end-to-end SMS/MMS encryption along with encrypted phone calls, which were presented last July with Signal 1.0.
— Anon.Dos (@anondos_) April 21, 2015
This safe messaging platform for iPhone is free and open source, and it is indeed not the last venture for Marlinspike — who is also the head of ‘Red Phone,’ an application that encrypts voice calls for Android, as well as ‘Text Secure.’
However, unlike Red Phone and Text Secure, Signal 2.0 has both encrypted SMS and voice calls in one place. The company is also planning to release a desktop version of it: “We’re going to unify Text Secure and Red Phone into Signal on Android, release a desktop version of Signal, and keep working to push the envelope of secure protocols and private communication,” said Marlinspike.
The accessibility of Signal 2.0 for iOS brings a measure of protection and secure correspondence that has been called for since the Quarks Lab report of 2013:
“Apple’s claim that they can’t read an end-to-end encrypted iMessage is definitely not true. As everyone suspected: yes they can! Suspecting does not know, and we hope to have dug enough in the protocol to show how Apple could do it. But shall we continue to use iMessage? MITM attacks on iMessage are unpractical to the average hacker and the privacy of iMessage is good enough for the average user. If the information’s being exchanged are sensitive to the point that you do not want any government agencies to look into them. Apple, make a more transparent PKI and document the protocol, and it could be considered the most practical and secure real-time messaging system available.”
Image Source: iTunes – Screenshot of Signal 2.0 ‘Conversations’ space.
“It is technically possible that someone in control of Apple’s servers could intercept your communication,” Marlinspike said, adding that Signal 2.0 now permits iPhone clients to correspond secretly with clients on Android devices as well.
The convention behind Signal 2.0 is a unique one, one which basically creates a different encryption key for every message being sent, in this way if a key were to be cracked, not all messages would be exposed.
The process also permits clients to check one another’s individual encryption keys so that it would be simple to distinguish if an assailant was performing a ‘man in the middle’ attack, blocking activity between endpoints.
Image Source: iTunes – Screenshot of Signal 2.0 messaging interface.
The straightforwardness of Signal ought to uproot any hindrance for ‘protection cognizant’ users, as the application utilizes the mobile device’s current number and location, and does not require a different login or confirmation component to oversee. Clients have the capacity to send encrypted messages, pictures, videos and make encrypted calls worldwide, without any additional charges.
“We cannot hear your conversations or see your messages, and no one else can either. No exceptions. You can even tap and hold on a contact’s name to see advanced identity verification options. Everything in Signal is always end-to-end encrypted and painstakingly engineered in order to keep your communication safe.” -Signal 2.0 Product Description
If you are still not satisfied, you can always take a look at the source code available on GitHub, created by Open Whisper Systems.
You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: Follow @AnonymousNewsHQ