By Andy Greenberg
May 25, 2010
Worried about the NSA, the FBI, criminals or cyberspies electronically
eavedropping on your private phone calls? There may be an untappable app
On Tuesday, an independent hacker and security researcher who goes by
the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper
Systems launched free public betas for two new privacy-focused programs
on Google's Android mobile platform: RedPhone, a voice over Internet
protocol (VoIP) program that encrypts phone calls, and TextSecure, an
app for sending and receiving encrypted text messages and scrambling the
messages stored in their inbox.
Marlinspike says the apps will interface with users' contact lists and
other functions on the phone to take the hassle out of making calls and
sending texts that can't be eavesdropped by third parties. "Our main aim
is to make this as easy as possible," he says. "We want it to be a
secure and anonymous drop-in replacement for the normal dialing system
on your phone."
RedPhone uses ZRTP, an open source Internet voice cryptography scheme
created by Phil Zimmermann, inventor of the widely-used Pretty Good
Privacy or PGP encryption. When a caller dials another RedPhone user,
the app uses the two users' keys to create a simple passphrase
("flatfoot eskimo" or "slingshot millionaire," for example) and display
it on each phone, allowing the speakers to verify that the codes match,
and that there's no man-in-the-middle intercepting the call.
Best Selling Security Books and More!
Shop InfoSec News