TextSecure is now Open Source!

Posted December 20th, 2011.

We're excited to announce the open source release of TextSecure, our secure text messaging client for Android, which Twitter acquired when we joined their team last month.

We've always been interested in the ability for individuals and organizations to communicate freely and securely. In the year and a half since Whisper Systems launched TextSecure, we've received an enormous amount of thanks, feedback, and encouraging stories from users who have employed TextSecure towards those ends. We hope that as an open source project, TextSecure will be able to reach even more people, with an even larger number of contributors working to make it a great product.

Those interested in the source can find it over on GitHub. There is also a mailing list for those who have questions, suggestions, or wish to get involved.

— Whisper Systems Development Team

 

Whisper Systems Is Joining Twitter!

Posted November 28th, 2011.

We're moving:

We started Whisper Systems with the goal of improving security and privacy for mobile devices. We were attracted to this not only because we saw it as an opportunity to reinvent the security solutions that never really worked in the PC environment to begin with, but also because the stakes are much higher — due to the nature of mobile devices themselves — and we didn't like the way that things were looking.

We ended up tackling the full stack — all the way from application-level solutions at the top of the stack, down through a hardened version of Android, to kernel modifications at the bottom of the stack. Along the way we learned a lot, and developed products that we're proud of.

Now that we're joining Twitter, we're looking forward to bringing our technology and our expertise into Twitter's products and services.

The Transition:

The Whisper Systems software as our users know it will live on (and we have some surprises in store that we're excited about), but there is unfortunately a transition period where we will have to temporarily take our products and services offline. RedPhone service will be interrupted immediately, but FlashBack users have a month to pull off any backup data they would like before that service also goes offline.

Enormous Thanks:

Thanks to everyone who beta tested our software, sent us encouraging emails, filed thoughtful bug reports, and in general kept us going with your enthusiasm and support. We couldn't have done it without you, and we hope that we can continue to meet your expectations for software that helps provide security and privacy.

— Whisper Systems Development Team

 

FlashBack 0.3

Posted October 3rd, 2011.

Today we've released FlashBack 0.3, which adds support for statistics on the logical/physical storage space each device and individual snapshot is using.

The new release is available in Android Market.

— Whisper Systems Development Team

 

FlashBack 0.2

Posted September 21st, 2011.

Today we've released FlashBack 0.2, which includes the ability to change your encryption passphrase, change your account passphrase, rename devices, delete devices, delete all snapshots for a device, and delete your FlashBack account.

The new release is available in Android Market.

— Whisper Systems Development Team

 

WhisperCore 0.5.5

Posted September 8th, 2011.

Last week, Whisper Systems responded to the DigiNotar CA compromise by removing the DigiNotar root from the WhisperCore CA trust database, effectively revoking trust in DigiNotar.

This week, a report was released by the Dutch government, which indicates that the scope of the breach is worse than we originally anticipated. In addition to the compromised DigiNotar root, it appears that DigiNotar had a number of intermediate CA certificates which were also compromised. These intermediates (signed by "Staat der Nederlanden," Entrust, and CyberTrust) could potentially have been used to sign some unknown number of forged SSL site certificates.

Intermediate CA certificates are not as straightforward to untrust. We can't simply remove them from a database, because they aren't in any databases. Instead, they chain back to roots which are good otherwise. Firefox and Chrome have addressed this by baking these certificates directly into their browser binaries and explicitly making checks against them when setting up SSL connections.

On your Android phone, however, there are many different apps that make SSL connections — all of which would have to bake these explicit certificate checks into their SSL setup logic. At Whisper Systems, we don't want to wait for app developers to make these changes, and they shouldn't have to. So we've extended the Android framework to do it automatically.

Now on WhisperCore, in addition to the trusted cacerts.bks store, we've created an additional untrusted.bks store, which contains certificates that are to be explicitly considered compromised, and which is currently populated with the DigiNotar intermediate certificates. If any application on the device initiates an SSL connection and receives a certificate chain with a certificate from the untrusted.bks store anywhere in it (root, intermediate, or leaf), that SSL connection will be marked as invalid.

We believe that WhisperCore currently represents the only Android SSL experience that fully protects users from the DigiNotar compromise. Stock Android devices have not been updated at all, but even advanced users who have rooted their phones to modify the cacerts.bks file on non-WhisperCore devices are still not protected from these bad DigiNotar intermediate CA certs.
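The reasoning in this post as a runnable model (an added example, not WhisperCore's code): removing a root from the trust store does not stop a chain that runs through a compromised intermediate to an otherwise-good root, while an explicit untrusted set checked against every certificate in the chain does. The `Cert` class, the certificate labels, and matching by SHA-256 fingerprint are assumptions for illustration; signature verification is left out.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

    @property
    def fingerprint(self) -> str:
        # Stand-in for hashing the DER encoding of a real certificate.
        return hashlib.sha256(f"{self.subject}|{self.issuer}".encode()).hexdigest()

def has_trusted_path(chain, trusted_roots):
    """Name chaining only; signature and validity checks are omitted in this model."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    top = chain[-1]  # either a trusted root itself or issued by one
    return any(top == r or top.issuer == r.subject for r in trusted_roots)

def validate(chain, trusted_roots, untrusted=frozenset()):
    """Reject if any certificate (leaf, intermediate or root) is in the untrusted set."""
    for cert in chain:
        if cert.fingerprint in untrusted:
            return False, "untrusted certificate in chain: " + cert.subject
    if not has_trusted_path(chain, trusted_roots):
        return False, "no path to a trusted root"
    return True, "ok"

# Constructed sample data (labels only, not real certificates).
GOOD_ROOT = Cert("Otherwise-Good Root", "Otherwise-Good Root")
DIGINOTAR_ROOT = Cert("DigiNotar Root", "DigiNotar Root")
BAD_INTERMEDIATE = Cert("DigiNotar Intermediate", "Otherwise-Good Root")
OTHER_INTERMEDIATE = Cert("Unrelated Intermediate", "Otherwise-Good Root")
FORGED_VIA_ROOT = [Cert("forged.example", "DigiNotar Root")]
FORGED_VIA_INTERMEDIATE = [Cert("forged.example", "DigiNotar Intermediate"), BAD_INTERMEDIATE]
LEGITIMATE = [Cert("site.example", "Unrelated Intermediate"), OTHER_INTERMEDIATE]

def scenarios():
    roots_after_removal = [GOOD_ROOT]                 # DigiNotar root removed (0.5.4)
    untrusted_store = {BAD_INTERMEDIATE.fingerprint}  # explicit untrusted set (0.5.5)
    return {
        "before": validate(FORGED_VIA_ROOT, [GOOD_ROOT, DIGINOTAR_ROOT])[0],
        "root_removed_root_chain": validate(FORGED_VIA_ROOT, roots_after_removal)[0],
        "root_removed_intermediate_chain": validate(FORGED_VIA_INTERMEDIATE, roots_after_removal)[0],
        "untrusted_store_intermediate_chain": validate(FORGED_VIA_INTERMEDIATE, roots_after_removal, untrusted_store)[0],
        "legitimate": validate(LEGITIMATE, roots_after_removal, untrusted_store)[0],
    }
```
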

As usual, WhisperCore users can quickly upgrade by using the "WhisperCore Updater" app.

— Whisper Systems Development Team

 

WhisperCore 0.5.4

Posted August 30th, 2011.

In response to the DigiNotar CA compromise, we've released WhisperCore 0.5.4, which removes the DigiNotar Root CA certificate from the trust store.

As usual, WhisperCore users can quickly upgrade by using the "WhisperCore Updater" app.

— Whisper Systems Development Team

 

WhisperCore 0.5.3

Posted August 29th, 2011.

We released WhisperCore 0.5.3 today, which features an upgrade to Android 2.3.5, along with some bug fixes and stability improvements.

As usual, WhisperCore users can upgrade by using the "WhisperCore Updater" app.

— Whisper Systems Development Team

 

WhisperCore 0.5.2

Posted June 27th, 2011.

We rolled out a few bug fixes over the weekend as WhisperCore 0.5.2. This addresses an issue some people were seeing with MMS messages, as well as a problem with APN configuration that was causing some users to lose their 3G data connections.

If you installed WhisperCore 0.5 and are having problems with 3G data, after upgrading to WhisperCore 0.5.2, open Settings -> Wireless And Networks -> Mobile Networks -> Access Point Names. There, click Menu -> Reset to default. This should resolve your issues.

As usual, WhisperCore users can upgrade by using the "WhisperCore Updater" app.

— Whisper Systems Development Team

 

WhisperCore 0.5 and Selective Permissions

Posted June 17th, 2011.

Today we've released WhisperCore 0.5, which features the ability to selectively revoke permissions an app has requested. We think this is an exciting development that will continue to give users and administrators more control over the security of their data.

— Whisper Systems Development Team

 

WhisperCore Platform SDK.

Posted June 7th, 2011.

Today we released the WhisperCore Platform SDK, which provides developers with access to capabilities specific to the WhisperCore platform. While this initial SDK focuses on provider access to iptables settings, we will continue to make more WhisperCore features available to developers over time.

— Whisper Systems Development Team

 

WhisperCore Errata.

Posted June 2nd, 2011.

There is a bug that is preventing WhisperCore users who originally installed 0.2 or 0.3 with the Windows installer from upgrading to 0.4. After running the "WhisperCore Updater" tool, the bug manifests itself by rebooting into the upgrade screen, but then failing and displaying an exclamation point.

To fix this bug, users will have to download and run a small Windows installer:

Nexus One users can get this here.
Nexus S users can get this here.

After this is complete, please run the "WhisperCore Updater" tool as usual, and everything should upgrade smoothly. We apologize for the inconvenience.

— Whisper Systems Development Team

 

Smudge resistant screenlock details.

Posted June 1st, 2011.

WhisperCore 0.4 includes smudge resistant screen unlock patterns, part of our efforts to help provide data security for Android devices.

— Whisper Systems Development Team

 

WhisperCore 0.4 and Flashback

Posted June 1st, 2011.

We released WhisperCore 0.4 today, which includes Flashback, a new product that provides secure snapshot-based backups for your device. We're pretty excited about it, so check it out!

You can download WhisperCore here, or existing WhisperCore users can click "Check for updates" in the updater tool.

Additionally, this version of WhisperCore includes:

  • New anti-greasetrail screen unlock patterns (we'll post more about this soon).
  • An upgrade to Android 2.3.4.
  • Upgraded 2.6.35 kernel support.

— Whisper Systems Development Team

 

WhisperCore 0.3 and WhisperMonitor

Posted May 3rd, 2011.

Today's release of WhisperCore 0.3 includes WhisperMonitor, a new product that brings advanced network security features to Android. Check out the WhisperCore release and WhisperMonitor details.

— Whisper Systems Development Team

 

WhisperCore 0.2 and Nexus One Support

Posted April 5th, 2011.

We've released WhisperCore 0.2 and extended support to the Nexus One. Changes:

  • We've developed WhisperYAFFS for filesystem-level encryption on NAND flash devices like the Nexus One.
  • Addressed some contact syncing issues present in 0.1.
  • Fixed a problem where the SD card would not mount via USB in some cases.
  • Fixed a problem with 3G connectivity that appeared in some cases.

— Whisper Systems Development Team

 

WhisperYAFFS Source Release

Posted April 4th, 2011.

We've released WhisperYAFFS, the set of filesystem encryption extensions to YAFFS we've developed for FDE on Android devices with NAND storage, as open source.

— Whisper Systems Development Team

 

RedPhone 0.4.3 and International Support

Posted March 15, 2011.

RedPhone 0.4.3 is now available in Android Market. This release, at long last, supports international calling. In addition to our existing international support in Egypt, we're also rolling out support for Canada and Spain today. Users in those countries can now download RedPhone from Android Market, and if everything goes well, we'll continue adding support for more countries throughout the week.

— Whisper Systems Development Team

 

WhisperCore 0.1 Released

Posted March 15, 2011.

We've released WhisperCore 0.1. Device and data security for Android, and the first iteration of a platform-level security project.

— Whisper Systems Development Team

 

TextSecure 0.5.6 Released

Posted March 3, 2011.

TextSecure 0.5.6 addresses two bugs.

  • We've fixed a bug that was causing session fingerprints not to match in some scenarios.

  • Fixed a bug that was causing TextSecure to crash in some cases where one party in a secure session did not have an identity key.

— Whisper Systems Development Team

 

TextSecure 0.5.5 Released

Posted January 12, 2011.

TextSecure 0.5.5 is now available in Android Market. This release primarily improves the key exchange process, which no longer requires any user interaction once a key exchange has been initiated. It also includes a number of small bug fixes.

— Whisper Systems Development Team

 

TextSecure 0.5.4 Released

Posted January 05, 2011.

TextSecure 0.5.4 is now available in Android Market. This release fixes an issue with Sprint Visual Voicemail on Sprint phones. Visual voicemail should now work with TextSecure installed.

— Whisper Systems Development Team