How to use an iPod Touch as a secure calling and messaging device

Published: 2015-Sep-12
Updated: 2015-Oct-10, revision 64

IMG_20150922_152941-02

Modern communication technologies are abundant, but legacy phone calling and texting (SMS, MMS) are inherently insecure. Communications content in addition to metadata is collected and stored by various organizations and for many years. People have a responsibility to safeguard their personal communications with strong encryption technologies because only then will your friends and family be able help collectively defend your rights. In professions where privacy is expected between you and clients (law, journalism, etc), policy should dictate to either communicate securely or not at all.

Encryption technology is not new but default strong encryption in mass-market devices is. We’re slowly evolving. The political cost of default security is at an all-time low while the social expectations of strong encryption are at an all-time high. Modern telecommunications largely depend on legacy communications infrastructure which is unfortunate:

  • All cell phones transmit insecure content and metadata because cell networks were designed for surveillance.
  • All cell phones not broken, off, or in airplane mode can be easily tracked.
  • All cell phones contain baseband processors with system wide access that can be remotely controlled.
  • The majority of SIM cards require registration using government-issued ID.
  • Android’s default is unencrypted storage.
  • Androids get slowly patched, if at all.
  • Carrier modified versions of Android are poorly developed.
  • Until the next version of Android, apps have near limitless access to other local data.
  • Microsoft’s and Amazon’s phones are a joke in terms of capability and security.

“Nobody is listening to your telephone calls” –President Obama

President Obama is technically correct. It is not possible for the US government employees to listen to every phone call. The data requirements for maintaining recorded phone calls is feasible, but what is cheaper and more effective is to transcribe voice data to text. The solution is easy: don’t give it to them.

What is bad for the FBI is also bad for all other malicious actors. It is up to us to cause the social change that in turn lowers the financial liability and cost of default security.

The financial cost of surveillance equipment is also at an all-time low. Mobile IMSI catchers can be built and deployed by anyone technically savvy enough to learn how to build one, and law enforcement has large budgets for more feature rich devices. The most effective way to assure that you are not a victim of cell tracking or attack is to not use those systems.

The Apple iPod Touch

ipod2

The modern iPod fills a much needed space. WiFi only. Generations 5 and 6 support iOS 8 which is the minimum requirement for Open Whisper System’s free and open source Signal application.

Note: WiFi only iPads could also be used and may be a better solution for people with poor eye sight.

Please review my post Signal, TextSecure, and RedPhone ecosystem notes if you would like to learn more about Signal’s capabilities and limitations. Also review my post TextSecure, RedPhone, and Signal threat modeling if you would like to learn more about Signal’s threats and adversaries in comparison to legacy cellular telephony.

Advantages

  • Network: the iPod does not have inherent baseband insecurities or SIM card insecurities.
  • Network: you can control which WiFi networks to expose your device to.
  • Data at rest: The iPod employs default device encryption.
  • Data at rest: Signal employs default message database encryption and isolation.
  • Data in motion: Signal only uses modern protocols and state-of-the-art encryption.
  • OS security: Apple pushes security patches relatively quickly and the iPod is a more challenging device to infect with malware when used correctly.
  • Verifiability: Signal allows users to compare and verify encryption key fingerprints.
  • Verifiability: Signal is a free and open source software project that is publicly audited.
  • Scalability: other people with an iPod, iPhone or Android can freely install and use Signal.
  • Liability: when employed in a work place with supportive policy, work-oriented communications are compartmentalized from personal devices.

Disadvantages

  • Configuration: using Signal on an iPod requires additional steps to get setup.
  • Network: WiFi access is not as abundant as cellular data.
  • Privacy: iOS requires an Apple ID account to download apps — alternative information can be given if Apple is an adversary in your threat model.

Cost

If you use your iPod minimally to maintain good system health, there is no reason to get anything above 16GB. That is enough free space to upgrade to iOS 9. A new 16GB iPod has 11.7GB usable. A USB wall charger is not included when buying a new iPod, you must buy one or use an existing one (don’t plug it into any computer). If you will be making voice calls with Signal, a required additional purchase is any manner of corded headset.

Apple’s prices:

  • 16GB – $199
  • 32GB – $249
  • 64GB – $299
  • 128GB – $399
  • 16GB – 229€
  • 32GB – 279€
  • 64GB – 339€
  • 128GB – 449€

U.S. Costco prices, only available with membership:

  • 16GB – $189 in store
  • 32GB – $229 in store
  • 64GB – $289 online

Phone number

Signal, for the foreseeable future, requires a phone number to use for registration. Since an iPod does not have a SIM card or any other phone service, we have to use a phone number that you have SMS or voice access to. It is possible to use any manner of burner phone number, but this guide will not instruct how to do that since there are inherent risks with using a number you don’t have long term control of. If someone gains SMS or voice control of a phone number you use with Signal were to register that number with their own Signal device, you would no longer be able to communicate with that number, and someone else could impersonate you if your contacts blindly trust a new key fingerprint.

PC Magazine has a decent article covering VoIP options.

Below are some example procedures when using the following services, or modify them to fit your needs:

Landline

If your home or work has a landline phone number that can be called directly–no extensions to jump through–then you can register that number with Signal. This is ideal for journalists or lawyers who already have landline numbers that people already have in their phone books.

  1. Enter your landline phone number into Signal for registration.
  2. Click verify this device.
  3. Click call me instead.
  4. Open Whisper Systems will call your landline number and provide you an auditory verification code. Enter that code into Signal to verify.

Skype

Skype allows anyone to buy a phone number for $18 every 3 months or $60 every 12 months. Skype can’t receive SMS so you will need to install the desktop client onto your computer and be able to receive a Skype call.

  1. Enter your Skype phone number into Signal for registration.
  2. Click verify this device.
  3. Click call me instead.
  4. Open Whisper Systems will call your Skype number and provide you an auditory verification code. Enter that code into Signal to verify.

Google Voice

Google Voice is a great option for most people in the United States as long as you have a number you can forward calls to. Google will provide any US Gmail account a free, long term phone number. Voice has the added benefit of setting up voicemail which could be useful in case legacy phone calls attempt to call — you can let them know in voicemail to call back with Signal or RedPhone.

  1. Enter your Google Voice phone number into Signal for registration.
  2. Click verify this device.
  3. Open Whisper Systems will send a verification code to your Google Voice account via SMS. Enter that code into Signal to verify.

Twilio

Twilio allows anyone to register a voice and SMS number for $1 a month.

  1. Enter your Twilio phone number into Signal for registration.
  2. Click verify this device.
  3. Open Whisper Systems will send a verification code to your Twilio account via SMS. Enter that code into Signal to verify.

Operational security practices

Define a strict use case for your iPod for when certain groups of people ask. If you routinely travel, possibly through airport or border security, you don’t want to raise suspicion of your device. It is an iPod after all, people will have expectations that it is for listening to music. You may be coerced to provide access to the device to prove its legitimacy. Plan ahead.

  • If your iPod is for professional services (like law, journalism, etc) only certain groups of people, maybe clients, should be aware of your communications practices. Your organization may even make certain policy decisions like making it public information that you can be reached via Signal for secure communications.
  • If your iPod is for personal use, since you can’t risk connecting the iPod to computer systems to sync files, perhaps use it for photography and picture viewing.

Also:

  • Buy your iPod Touch in cash or at least in person.
  • Don’t risk infection or leave behind security certificates: do not connect your iPod into any computer system or automobile.
  • Only charge the iPod via wall charger or firewalled USB charger.
  • Don’t use any third-party apps that aren’t Signal. No Web browsing, social media, or email.
  • Keep the iPod physically safe — maybe even keep it in an actual safe when not in use.

Firewalled charging options:

Directions

Be aware that several privacy settings must be reconfigured once you upgrade to iOS 9. Review these settings once you update.

Set up your iPod:

  1. Connect to WiFi
  2. Disable location services
  3. Set Up as New iPod Touch
  4. Sign in, or Create an Apple ID
  5. Don’t use iCloud
  6. Don’t use Siri
  7. Don’t send Diagnostics

Configure your iPod:

  1. Settings > Bluetooth > Off
  2. Settings > Passcode Lock > Simple Passcode (Off – set an alpha-numeric passphrase)
  3. Settings > Passcode Lock > Erase Data (On)
  4. Settings > Privacy > Advertising > Limit Ad Tracking (On)
  5. Settings > Software Update > Download and Install

Set up Signal:

  1. Open the App Store
  2. Don’t install any new apps other than Signal.
  3. Search for an install “Signal – Private Messenger” by Open Whisper Systems
  4. Open Signal
  5. Enter the phone number that you’ve chosen to use (VoIP, landline, etc)
  6. Depending on how you need to verify Signal (SMS or call), perform that action (see examples above)
  7. If and when it asks, allow Signal to send notifications

Once Signal is installed:

  1. Settings > Notifications > Signal > Show on Lock Screen (Off)
  2. Signal > Settings > Privacy > Fingerprint (Tap to copy)