Encrypt calls on your Android device with RedPhone

Whisper Systems offers call encryption on Android with RedPhone. Chad Perrin describes how it works and where the potential security questions exist.

The technology for practical, private telephone call encryption has existed for years, but the costs involved have tended to push it out of range of what people are willing to pay for a telephone. The advent of VOIP systems has started to make call encryption more practical, because the encryption and decryption can be implemented in software without requiring any special equipment beyond servers running open source VOIP PBX software like Asterisk, but deploying such heavy-duty VOIP systems is a bit much for common use. Consumer-grade VOIP packages could bring this a bit closer to home, but they have not really taken off to the point that people who care much about privacy technologies form a market niche substantial enough to make development of easy call encryption likely.

Smartphones are the turning point. As handheld computers, they have rapidly developed the ability to support VOIP software. This, in turn, makes it reasonable to expect call encryption to finally make it into the hands of the common consumer. A smartphone security company co-founded by Moxie Marlinspike, called Whisper Systems, has addressed the need on Android with an application called RedPhone.

RedPhone uses an encryption protocol called ZRTP, designed by Philip Zimmermann, the inventor of PGP. It allows you to connect to another user's smartphone with RedPhone installed using a contact list, or by entering the intended recipient's telephone number with an asterisk (the "star" key) appended to the end. The application uses encrypted SMS messages to quickly establish calls across a VOIP connection, all behind the convenient mask of a normal dialing interface or contact list.

Thanks to its use of direct, smartphone-to-smartphone VOIP on the back end, RedPhone calls do not use up call minutes from the service provider plan. The only potential costs involved should be whatever SMS text messaging charges the service provider applies when establishing a connection.

While RedPhone's encryption is end-to-end, it does not provide perfect security. The fact of the matter is that as long as our smartphone hardware is not strictly verified and operating systems are susceptible to infection by spyware, there is always the possibility that the operating system or even the hardware itself could be compromised such that it captures unencrypted data before encryption and transmission. This could potentially include voice data.

RedPhone itself is not open source software, either, which could raise some security problems of its own. I discussed the matter with Moxie in IRC some months ago, and he confirmed that there were plans to make the source code available for review, but that the application itself would remain protected by a proprietary license. Without the ability to actually install from source, there is no means of direct verification of the code we actually run, and as such we must decide whether to trust that the source code we can access is the same as the source installed on the system -- and that any additional source that could be included in the usable application does not change the basic security character of the software itself.

The difference between open source and source available for review is academic at this point, however. Thus far, at pre-release version 0.4, I have yet to see the source made available for review.
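What checking a distributed build against reviewed source would involve, as an added example (not RedPhone or Whisper Systems code): a vendor-signed APK never hashes the same as a local rebuild because of the signature files under `META-INF/`, so the comparison is made entry by entry with those files excluded. It assumes the build is reproducible; the in-memory archives and their entry names are constructed sample data.

```python
import hashlib
import io
import zipfile

# Signature files legitimately differ between a vendor-signed APK and a local rebuild.
SIGNING_PREFIX = "META-INF/"

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.startswith(SIGNING_PREFIX):
                digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def compare_builds(distributed, rebuilt):
    """Return a sorted list of (entry name, reason) for every entry that differs."""
    dist, local = entry_digests(distributed), entry_digests(rebuilt)
    findings = []
    for name in sorted(set(dist) | set(local)):
        if name not in local:
            findings.append((name, "only in distributed build"))
        elif name not in dist:
            findings.append((name, "only in local rebuild"))
        elif dist[name] != local[name]:
            findings.append((name, "content differs"))
    return findings

def make_apk(entries):
    """Build a constructed in-memory zip that stands in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: a local rebuild, an honest signed copy, an altered signed copy.
REVIEWED = {"classes.dex": b"reviewed bytecode", "AndroidManifest.xml": b"<manifest/>"}
SIGNATURE = {"META-INF/CERT.RSA": b"vendor signature"}
rebuilt = make_apk(REVIEWED)
honest = make_apk({**REVIEWED, **SIGNATURE})
altered = make_apk({**REVIEWED, **SIGNATURE, "classes.dex": b"reviewed bytecode + extra",
                    "lib/armeabi/libextra.so": b"\x7fELF"})

if __name__ == "__main__":
    print("whole-file hashes equal:", hashlib.sha256(honest).digest() == hashlib.sha256(rebuilt).digest())
    print("honest vs rebuild:", compare_builds(honest, rebuilt))
    print("altered vs rebuild:", compare_builds(altered, rebuilt))
```

An empty result says the shipped code and resources match the rebuild; it says nothing about the signer, which is checked separately against the vendor's certificate.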

Even if it is not perfect, however, RedPhone is definitely a step in the right direction. It is end-to-end encryption for voice calls, easy to install and use, available on a common consumer smartphone platform. In addition, Whisper Systems has made an effort to expand the availability of its encrypted communications software into markets that particularly need them. Whisper Systems has made special provision for Android device users in Egypt.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

13 comments
vivarto

Is it not possible to compile from reviewed code and then publish a hash?

Then anyone could run the hash function on their copy and verify that it is authentic?

bboyd

Given that the best algorithm is one that does not fail when all but the key are possessed I'm glad to be given the key. While I'm happy that they will peer review, it still fails the test. If it's open source I can compile it from peer reviewed code and avoid the vector that the company is serving a compiled version separate/different from the peer reviewed source code that Open Source versions provide.

Spitfire_Sysop

At least that is what I learned while working at Sprint. The calls are technically "VOIP" too because they travel through the packet switched internet in between cell phone towers (with some exceptions I am sure). What I was taught is that the connection to the cell tower uses hardware encryption and the data in the air is scrambled too. The audio data is sent out of order (which there must be a pattern to) and once it gets to the tower all cell calls through that tower are scrambled together in a pseudorandom fashion with junk data dispersed throughout to fill up whatever bandwidth remains. This way the data flowing would appear to be the same size no matter if one or one hundred people are making calls at that time. I am not sure how other companies do it but Sprint is rather proud of their voice security and they brag about it in official training materials given to most employees. I understand the desire to run a 3rd party voice app with 3rd party encryption but for now the regular call is probably more secure. (Patriot Act excluded because that's cheating)

apotheon

That's the biggest problem with RedPhone. I think it likely that its real value will, in the long run, be its encouragement for others to work on providing end-to-end strong call encryption in an extremely convenient, usable manner, under an open source (preferably copyfree) license.

apotheon

You're correct about the fact that cellphone calls are encrypted. They are not encrypted end-to-end, however, and Neon Samurai is correct that GSM encryption is laughably weak protection. I have no idea where you get the impression that "normal" cellphone calls would be more secure than using strong crypto to protect the privacy of calls through VOIP controlled by the people calling each other.

Neon Samurai

For GSM at least. It's broken but carriers continue to leave phone owners at risk. The other issue is that the encryption is controlled by the carrier. They can tap the call and listen in; hopefully with a court order but between social engineering and DHS power plays the carriers become Eve sitting between Alice and Bob. For encryption to be trustworthy, it needs to involve only two people in what is actually a two person event. Encryption must be under the control of the device owner not the third party Eve and her whims or profit interests.

bboyd

Kind of them to provide it to Egyptian users for free. Late but well meaning enough. Unfortunately that well meaning can backfire. If the signature of an encrypted voice transmission is easy to flag you may get a visit from the secret police for using it. But if it looks like any other VOIP call it might not be an issue. Apotheon, would you consider this use of technology to be anonymity or privacy? I'm good with using copyfree but if it heads into places like the app store for iPhone (not picking on Apple alone) it becomes suspect again.

Spitfire_Sysop

Sprint which is CDMA in the air and scrambled junk on the wire. The encoding does change and it is obviously wide open on the inside which is why I also excluded the Patriot Act. I understand that this internal flaw makes end-to-end encryption desirable but I was merely suggesting external security is very good. Air sniffing and wire tapping are not feasible unless you are given access which I'm sure a rogue engineer has. The internal threat from carrier employees does make a strong case for an additional layer of protection.

apotheon

Thanks for clarifying. That makes sense. One of the benefits of Android is that you can install software from outside the application store -- which means that, if you have the source, you can install from verifiable source. I've never been a fan of systems that make it as difficult as possible to install from source, like iPhone's iOS does.

bboyd

I think the truest security benefit of open source is getting a verifiable hash check of the program or compiling it yourself from hash check source. If the installation is obfuscated by a mechanism like an app store (iTunes etc.) then that point of verification is ruined. My axiom is trust but verify. So I don't really care what license (GNU, Copyleft, copyfree...)

apotheon

> Kind of them to provide it to Egyptian users for free. Late but well meaning enough.

It's free to everyone right now, at least for noncommercial use -- not just Egyptians. What's special about the offering in Egypt is that there are special efforts made to make it available through nonstandard channels so that it's harder to prevent Egyptian users from installing the software.

> Apotheon would you consider this use of technology to be anonymity or privacy?

It's privacy technology; the recipient of the call knows who's calling.

> I'm good with using copyfree but if it heads into places like the app store for iPhone (not picking on Apple alone) it becomes suspect again.

Uh . . . what? I'm not sure what you're saying here.

Neon Samurai

The user on both sides must know their own account password but that email travels in clear text between end points or is otherwise completely open on the inside. While one officially needs to have a warrant (or claim Patriot Act and ignore constitutional liberties) unofficially every node that email passes through has the opportunity to save a copy. Your email to family out east was literally read over your shoulder by every network hop. Back to the mobile device market; consider that some phone companies are already using voice to text for archiving customer's voice mail in a searchable format. End to end strong encryption in the hands of the device owner not intermittent questionable encryption in the hands of the carrier. "If it ain't Vorpol, it ain't dead."

apotheon

> wide open on the inside

Need I say more? Encryption with a gaping hole in the middle is almost meaningless; it only stops the same people who would not find a way to snoop on unencrypted traffic when your laptop is on an open, public wireless network.
