Verizon's 'Secure' Voice Cypher App Comes With Pre-Installed Government Backdoor

News
By Lucian Armasu
published

After all the Snowden revelations, many tech companies have worked to improve the security of their products. Some, such as Google, did it in part because it wanted its users to be more secure, but also because its executives and security employees were angry with the U.S. government for hacking its internal networks.

Google has already implemented many security improvements to its systems, but some of the most noteworthy are the announcements about the end-to-end encryption for Gmail (not yet implemented) and about default storage encryption on devices that come pre-installed with Android 5.0.  

Yesterday, Verizon announced that it's also entering this post-Snowden "secure communications" market with an app of its own called "Voice Cypher," which it built in partnership with a security company called Cellcrypt.

On its site, Verizon claims that the app has "end-to-end" security, which normally means that users should be able to communicate directly to each other, with no other middleman, and the encryption key is stored locally. If the encryption key is stored with anyone else, then some other party is involved in the communication and can decrypt it, so it wouldn't be "end-to-end" anymore.

Despite Voice Cypher's claim for end-to-end security on the marketing materials, it seems Verizon admitted to Bloomberg Businessweek that the U.S. government can access the data. This means one of these two things: either the app is not end-to-end secure, because someone else can intercept the call, or the app is end-to-end secure, but Verizon has some kind of built-in backdoor for the government's benefit.

Either way, the app is not as secure as Verizon claims, and it can at the very least be accessed by U.S. authorities, or even by other hackers once they discover the vulnerability. Cellcrypt, Verizon's partner, stated that the weakness exists only for the government, but many security experts believe that when such a loophole exists, that never turns out to be true.

"Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences (PDF) for the economic well-being and national security of the United States," wrote security experts in a report earlier this year, when evaluating CALEA 2, a new FBI-proposed law mandating backdoors in tech products.

Individuals or organizations who want real end-to-end secure voice applications already have at least two strong options: the open source Signal (iOS)/RedPhone (Android), or Silent Circles paid security suite.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
7 Comments Comment from the forums
  • Christopher1
    Verizon just made it so that no one will use this 'secure' app ever who is truly concerned about privacy. Verizon, get a clue: NO BACKDOORS ARE ACCEPTABLE! Tell the government where to stick their backdoors.
    Reply
  • LordConrad
    This is Verizon, is anyone really surprised by this?

    I left Verizon a year ago because I was tired of their lies and high prices, and I've never been happier.
    Reply
  • stansboy1
    Here's a theory........Those in power (note I don't say Government) start a long historical series of viruses, trojans and malware in general. Which causes the general populace to run for security software, which already has back doors built into it by agreement (or under threat) with the those software houses that produce said software. Job done....we run like lemmings to what we believe is safety, or not ?

    Its seems strange that two top security software executives have become persona non grata in the last few years, perhaps they didn't want to play anymore ? Think Norton and Kaspersky.
    Reply
  • AndrewMD
    People are blowing this completely out of proportion, why would you think Verizon or any company would allow end-to-end direct secure connection without a backdoor for government use? What are you talking about that you do not want the government knowing? Are you a terrorist? Are you planning some sort of government uprising? You are a person on a public company network, you have no rights. Stop. Stop.. Think, you do not have ANY rights. If you want security, then build a custom network off the grid and if the government comes knocking down your doors, whatever the government accuses you of will be the truth. Let that be a warning to you and all the people that make comments that Verizon or their affiliates are bad.
    Reply
  • fimbulvinter
    Personally I enjoy not having my 4th Amendment rights violated on the whim of the oligarchy.
    Reply
  • AndrewMD
    fimbulvinter - at what point does it make since that the government shouldn't have access to monitor it's citizens or (non-citizens). We live in a world where too many people want to see all we created destroyed and return everything back to the stone age.

    At the end of the day, the government flags any comment for further review based on certain criteria, something I am willing to give up for the sake of prevention and protection.

    Reply
  • fkr
    14818547 said:
    fimbulvinter - at what point does it make since that the government shouldn't have access to monitor it's citizens or (non-citizens). We live in a world where too many people want to see all we created destroyed and return everything back to the stone age.

    At the end of the day, the government flags any comment for further review based on certain criteria, something I am willing to give up for the sake of prevention and protection.


    Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
    1755.—The Papers of Benjamin Franklin

    liberty synonyms: independence, freedom, autonomy, sovereignty, self-government, self-rule, self-determination; civil liberties, human rights

    for all of the above i need privacy. i am with the right for life, liberty and a pursuit of happiness; btw, people being able to listen into my conversions disrupts my happiness. Our government does not have the right to infringe upon unalienable rights.
    Reply