23

Signal (former RedPhone) provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.

But really, how is the probability that a voice conversation is wiretapped still?

And are the contact-details (like phone-nr) concealed to the provider too? Or can the provider build a database of who-knows-who?

rubo77
  • 2,350
  • 10
  • 26
  • 48

3 Answers3

17

Browsing through the source on GitHub, one learns that it uses ZRTP.

From What are the vulnerabilities of VOIP-specific security protocols? :

Prateek Gupta, Vitaly Shmatikov (2006) Security Analysis of Voice-over-IP Protocols

We also demonstrate a man-in-the-middle attack on ZRTP which disables authentication and allows the attacker to impersonate a ZRTP user and establish a shared key with another user.

For encryption, it relies on Spongy Castle v.1.46.99.3-UNOFFICIAL-ROBERTO-RELEASE

The upstream of Spongy Castle, Bouncy Castle, has the following CVE against its head:

CVE-2013-1624

Summary: The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Published: 02/08/2013 CVSS Severity: 4.0 (MEDIUM)

The software uses Speex and G.711 codecs as per source. Depending on the codec, not only metadata, but also the language and contents of the dialogue may be inferred because the Speex codec uses Variable Bit Rate (VBR) encoding (combined with Any Activity Detection and Comfort Noise Generation, to be more precise) (see the linked Q&A for details).

I recommend looking through the source yourself, though, instead of relying on strangers...

Community
  • 1
Deer Hunter
  • 5,297
  • 5
  • 33
  • 50
  • Disclaimer: I cannot vouch that ZRTP weaknesses have not been eliminated, being no expert in security protocols... YMMV, all other usual caveats apply. – Deer Hunter Jul 24 '13 at 00:54
  • `one learns that it uses ZRTP` As of now, as an addition, they're using a (propriatory) protocol which is called ["Signal Protocol"](https://en.wikipedia.org/wiki/Signal_Protocol). RedPhone was renamed to "Signal". – j3141592653589793238 Aug 25 '19 at 19:28
10

I'll have disagree with AJ's answer. When making a RedPhone call you're first authenticated by one the authentication servers and then a relay server handles connecting you to the call recipient. All of these communications are encrypted.

Since the caller isn't directly connected to the recipient (most you need NAT traversal on mobile data networks) , your provider isn't able to know who you're talking to. They could figure out how long was the conversation, but they're not able to know the recipient or the content. Only RedPhone themselves can know who you're calling.

In the rare case the recipient actually had his RedPhone port open and was able to receive a connection directly, then your provider only knows about his IP address, which could be helpful to figure out his phone number.

Adi
  • 43,808
  • 16
  • 135
  • 167
  • You say: "RedPhone themselves". Which instance would that be? Is this the software producer *Open Whisper Systems* then? When I register an account, I have to enter my telephone-nr, so the software producer is collecting the data, who-knows-who? – rubo77 Jul 29 '13 at 05:48
  • @rubo77 Yes, the software's authors and current server operators. Honestly, I wouldn't worry about that; by installing the application on your phone, you're already giving it access to your contacts, full internet access, your call information, your logs, your local storage, and recording your calls. – Adi Jul 29 '13 at 08:53
  • So how could I find oft if I could trust the authors then? I want a VOIP-app where there is nothing logged. – rubo77 Jul 29 '13 at 09:16
  • @rubo77 Write your own application and run your own servers. That's the only way to be as close to 100% sure as possible. – Adi Jul 29 '13 at 12:47
  • 1
    It is as Svetlana says - if you trust *nobody*, your only option is to do everything yourself - including writing your own compiler from scratch, in machine code, on a processor you built yourself. – shieldfoss Aug 09 '13 at 07:28
  • If someone snoops on the servers traffic, then the corresponding timing and sizes of packets would likely give away most of who is talking to who? – mc0e Feb 20 '16 at 17:31
6

Redphone is not designed to prevent meta-information capture. It still is possible for someone monitoring to figure out who you are talking to and how long you talked since no onion routing or similar system is implemented by it. However, it should protect the security of the contents of your communication since the encryption keys are unknown by anyone listening in and there are not known vulnerabilities that would allow the encryption to be cracked.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110