Silent Circle - Military Level Encryption Brought to Your Phone - ITS Tactical



Silent Circle – Military Level Encryption Brought to Your Phone

By The ITS Crew

My phone started to ring. Was it really who I thought it was? The display said that the connection was secure but I had to be certain. We verbally verified that we were seeing the same two random words (secure authentication string) on our phones.

“skydive amulet”

The green “Secure” text appeared so we knew there was no one listening. This technology isn’t just for spooks. This is a $20 a month service you can sign up for today.

Yesterday, an app for the iPhone (Android coming soon) was released that promised to protect your privacy when calling and sending texts. Silent Circle uses the TLS and ZRTP protocols to encrypt the packets of your phone call as they cross the Internet, making each call secure.
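
The two-word check described above is what exposes a relay sitting between the two phones. The sketch below is an added example, not Silent Circle's code or part of the original article; it assumes a toy Diffie-Hellman group, constructed word lists and a plain HMAC in place of ZRTP's actual key derivation.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this demo only (far too small for real use).
P = 2**127 - 1
G = 3

# Constructed 16-word lists for the demo; real clients use much longer lists.
FIRST = ["anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
         "island", "jacket", "kettle", "lantern", "marble", "needle", "orchard", "pepper"]
SECOND = ["alphabet", "bicycle", "carnival", "dinosaur", "elephant", "festival", "gallery",
          "harmony", "industry", "jubilee", "kangaroo", "lullaby", "melody", "november",
          "october", "pyramid"]


def keypair():
    """Fresh ephemeral key pair, generated per call on the handset."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def sas_value(my_priv, their_pub, first_pub, second_pub):
    """Short authentication value: keyed hash over the public keys this side saw."""
    shared = pow(their_pub, my_priv, P).to_bytes(16, "big")
    seen = first_pub.to_bytes(16, "big") + second_pub.to_bytes(16, "big")
    return hmac.new(shared, b"SAS" + seen, hashlib.sha256).digest()[:4]


def sas_words(value):
    """Render the value as two words the callers can read to each other."""
    return f"{FIRST[value[0] >> 4]} {SECOND[value[1] >> 4]}"


def direct_call():
    """Caller and callee exchange public keys with nobody in between."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (sas_value(a_priv, b_pub, a_pub, b_pub),
            sas_value(b_priv, a_pub, a_pub, b_pub))


def intercepted_call():
    """A relay swaps in its own public key towards each side."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    _, m_pub = keypair()
    return (sas_value(a_priv, m_pub, a_pub, m_pub),
            sas_value(b_priv, m_pub, m_pub, b_pub))


if __name__ == "__main__":
    for name, call in (("direct", direct_call), ("intercepted", intercepted_call)):
        caller, callee = call()
        verdict = "match" if caller == callee else "MISMATCH, hang up"
        print(f"{name}: {sas_words(caller)!r} vs {sas_words(callee)!r} -> {verdict}")
```

The servers in the middle can carry the key exchange, but only the two people on the call can compare the words, which is why the check is done by voice.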

It costs $20 a month (with different plans available) and all of the data from your phone goes through a custom-built encrypted network, the Silent Network, providing you with a secure line. Check out their site for a full rundown on the capabilities of the Silent Network.

The Silent Phone app handles the call side while Silent Text app encrypts and secures your text messages. In the Silent Text app, you’re even able to set a duration for the visibility of that specific text. Once it hits the time you designate, the message “burns” and disappears.

Silent Circle is careful to spell out what they do and don’t do. Of course, it’s worth noting that you have to use your best judgement when using the apps. If you are in a public place, people can still eavesdrop on your conversation.

While we are still trying out the app, the one thing that caught my eye is that the iOS app isn’t made for the larger screen of the iPhone 5. That’s probably just a problem for early adopters but it’s something I noticed right off the bat.

Does it Really Work?

While we consider ourselves a fairly techy crew at ITS, some of the specifics with this app and network are a bit foreign to us. We asked someone with more security knowledge to weigh in on Silent Circle:

“It’s a proprietary system, which means that nobody knows the real workings of it. The only choice is to trust that the company does what they claim they do, never makes any mistakes and always does the right thing. For a piece of software that is just a fun toy, that may be ok, but for security software, it’s unacceptable.” As the Free Software Foundation said, “Proprietary security software is an oxymoron — if the user is not fundamentally in control of the software, the user has no security.” [0]

Furthermore: “In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.”[1]



Until we get some further time behind this app to test it, we leave you with this appropriate web comic from XKCD:

Update: Some questionable practices have been brought up that are worth your time to read. Follow along through this comment thread on GitHub for the back and forth conversation.



  • Silent Circle is crap.

    Here’s what we REALLY need: A PEER-to-PEER smartphone app that, when prompted, generates a public encryption key, and exchanges it, with a peer, via extremely short range technologies (~.5 meter).

    The key is associated in the Contacts database with a specific phone number and used to encrypt all those calls. A new key can be generated at will.


    There are only BAD reasons for Silent Circle to insinuate its servers into the encryption equation – trust me.

    • Unkown

      Encryption on a closed ecosystem is comical at best. In reality it simply does not work. Meaning what’s the point of putting new locks in if you keep your windows open at night. You want security on your comm lines? Lose the iOS, Android and/or your beloved BlackBerry. The same words would apply to CDMA. Most civilized human beings would not do that. Encryption that’s based on a proprietary system is nothing more than smoke and mirrors. Collecting so-called encrypted data, then selling that intel to the highest bidder is probably good money on the side. Running an encrypted P2P with a .5 meter range? My dear Legion, there are two big problems with that. One, you are thinking of a digital dead drop that could not exist in real life. Though the concept does sound lovely. Two, you’re better off using two cups and a string and calling it encryption. Anonymous P2P setups can be compromised, that’s a fact. Running a secure comm line via a data connection for voice is a worthless idea.

    • We are working to publish the sources, working with vendors to open source, who wrote some subsections (we wrote all the crypto) , in the meantime here is some very technical info on how the silent Text protocol works:

    • Joe Questionable


      My understanding (from conversations with one of the engineers at Silent Circle), is that this DOES do virtually exactly what you just said. End-to-end encryption, with ephemeral keys generated on the clients (i.e. iPhone), not the Silent Circle servers.

      The issue of closed vs open vs reviewed-by-some-authority source code still remains to be seen, but I understand they have this in the works as well. Probably the investors wanted this to market ASAP. I do hope for their sake that not delaying until after some trusted third party reviewed the code does not hinder their market’s reception.

    • vinthewrench

      umm, no, you are incorrect.

      The keys are ephemeral (look up how ZRTP works). The contacts database has nothing to do with the keys. The servers only pass encrypted information around; they have no access to the clear text.

      The code will be released to open source as soon as Silent Circle can get around to it.

    • Unknown

      If the VP of engineering himself says that we are wrong, then we must be wrong. Btw Vince… if you don’t mind me asking, what’s the timeframe for that release? Would your company allow for an independent stress test of Silent Circle?

    • vinthewrench

      We are working to release the sources. Unlike the days back when WE did it originally (take a second and research who Silent Circle is) with PGP, so much of the code these days is locked up in licensing. As soon as we can get all the various vendors to allow us, we will make the code available (most likely on GitHub).

      If I can’t get everyone to let go quickly enough, we will at least put out the crypto modules and some docs on how it works. We have no plans to hide anything.

      We have had strong involvement with independent third-party security testers all along and will release their reports also.

      Assuming that Unknown and Legion are all well qualified to review the sources, is there anything else that you all would require to make you feel more comfortable?

  • To everyone that left a comment prior to 13:30 today on this post. We had a database optimization run and it wiped a few pending comments. Please leave them again and we apologize for the inconvenience, thanks!

    • So a few more got approved and removed accidentally once again. I’m truly sorry for the trouble everyone! Our server has been getting slammed today and some database changes aren’t playing nice. I assure everyone we’re not trying to censor your comments! Thanks for your patience and support.

  • Pk

    Third time is a charm! Now even shorter! 😉

    I think your security professional meant to say “closed source” – there is a big difference between just being closed source and also being proprietary. Silent Circle has used open and peer-reviewed algorithms and protocols including ZRTP, PGP, S/MIME, OTR, and TLS. The validation of the implementations can be done w/o source or they can also opt for a review from organizations like Veracode (which they may have). It’s clear Silent Circle 1) is doing more due diligence than most counterparts including most FOSS projects and 2) intends to open what makes sense to open as noted officially at

    There is also the small matter of potential conflicts and Legal wrangling around Apple’s own T&Cs as others have experienced (see:

    Two of the core founders of Silent Circle have industry PROVEN records of secure design, readily receptive to criticism, community practice, fighting Government overreach.. FOSS does not mean secure or even having ever had been reviewed. Oddly the calls for RedPhone and TextSecure neglect to mention they were closed source for quite some time before being released.

    Additionally the criticism about Silent Circle servers is misleading – SC ~does~ offer the option of letting them do key-management which they then also note is not as secure and may end up being compelled under Government request to be handed over. So they offer multiple levels of security for the end-user to determine risk and practice for themselves.

    The rush to judgement increasingly comes from what I call the “Western Promises” tech-savvy groups that neglect to consider the limited userbase of existing solutions and the difficulties of use. Silent Circle has, thus far, demonstrated good practice, good faith, and ready availability. We should support these developments when commercial interests meet the community at “ground level” so well.

    Silent Circle deserves the benefit of the doubt (for now), and as they’ve said, the savvy core groups can interoperate with Silent Circle customers. -Pk

  • GreenTip556

    I’m pretty sure this is the company Vic Hayder helps head up. I’m pretty sure this is the same Vic Hayder that had some “command issues” at his last team, specifically an ill-advised op that he pushed through. More here:

  • NJS

    In the near future, when voice mimicry technology is perfected, the problems of insecure phone conversation will be so tremendous that the need for services like Silent Circle will apply to everyone.

    Your voice is something you are, a call that sounds like you but is not you is a threatening thing.

    Worrying about large-scale monitoring of encrypted communications is totally valid, but have you considered whether ordinary folks who trust their everyday phone communications are authentic or secret need that trust validated a bit differently? A boy who calls up Grandma to discuss Grandma’s cookie recipe is not hurt by the government stealing the recipe, but he can be hurt if:

    * Grandma hears the boy insult the recipe.
    * Grandma hears the details of the conversation from neighbors unexpectedly.
    * The boy’s call goes through to someone or something that is not Grandma but sounds like her.

    While it’s true that zersetzen tactics *could* be employed by the government to add unhappiness to grandmom’s relationship with her grandkid, it’s the bullying classmate who’s more likely to go after the boy that way.

    Consider how a bully would want:
    * ability to feign identity, particularly using media (voice, phone)
    * access to confidential communications and event information (what people “wouldn’t bother” to spy on).
    * a network of cronies who tend to relay what she communicates.

    A bully’s flexibility to act comes from 3 areas of uncertainty:

    * whether recordings or speakers are genuine or false
    * whether her innuendo implies additional knowledge beyond what she shares
    * whether others, usually intimates or friends of her current target, are involved in informing her network or supporting her abuse (of her target, e.g., me).

    You can see how a service that worked for “everyday folks” would neutralize one problem, at least, the problem of whether calls are secure and come from the devices they seem to come from. It’s handy for protecting from small conspiracies. Usually people say, “Oh, why bother, who would do that?” My answer is that a lot of bullies would do that, if they realized that they could, and if they understood how to exploit the consequences. These days, increasingly, people want to participate in bullying of others, it’s a less pleasant world we live in, protecting the ordinary good life requires more armor. A service like Silent Circle, if it’s any good, is more armor.

  • Unknown

    Well, Vince. What can I say besides the fact that I am aware about Silent Circle and history that’s associated with pop. Please, do understand that I’m not pulling false intel out my ass. It’s not that I don’t trust your op. It’s the fact it’s running on iOS. There is a lot of history of any digital ecosystem being compromised. Android, iOS and BlackBerry. Also be aware of the fact of companies selling the encryption hosts or at least cases to third parties. A simple fact that is less publicized. I honestly do not know if Legion is qualified to do stress testing on those modules. Myself on the other hand, I’m not going to confirm or deny that.

    • vinthewrench

      Unknown, you should reach out to me and let me know what I can do to address these concerns.

    • Unknown

      Vince, I am sorry but I cannot assist you on this. A, I do not work with the private sector. B, whatever stuff I assist in developing stays with my team. C, even if I wanted to assist, my superiors would never approve of this stuff. Even if it was on my own time. Sorry jefe. Hope you understand.

    • NJS

      You handle authentication of the sender and security of the connection, not security of the device receiving the message. On the receiving end, another listener in the environment or a side-channel attack can capture the message, and anyone running malware on the device can capture or transform the message. If Silent Circle verified that the device user is also the device owner of the device containing your encryption keys (in the dual-subscriber, peer-to-peer scheme), that would be somewhat helpful, if the Silent Circle scheme improved on what devices already offer. Hopefully voice biometrics will never be the chosen scheme.

      Two other problems are:
      * impersonation accounts
      * devices added to hacked accounts

      I’m not sure how Silent Circle guarantees device ownership when devices are registered, or the identity of users who create accounts, but if it is the typical means, of a phone call and voicing the last digits of a credit card number, that’s not adequate to protect users.

      **warning: a rant follows**

      Of the four means of mimicking voice:

      1. direct imitation
      2. recording manipulation
      3. real-time digital voice transformation
      4. digital voice production (e.g. Festvox: TRANSFORM)

      Imitation and cut-and-pasted recordings are the simplest for people to use now. By the middle of high school, a motivated social engineer should be capable of using all four methods. As the technology develops, the ability to mimic voices will be available to more people with lesser abilities.

      The next hurdles for successful voice forgery are:
      * choice of words, especially the mannerisms of the mimicked person
      * information content of the verbalizations

      Even when voice mimicry technology allows a 5 year old to sound exactly like their father, he won’t be able to convince the kindergarten teacher to let him stay home, because he won’t choose the words or speak with the knowledge of his father. This will rule out voice transformation for him, and voice production as well, at least until voice production systems can independently create voice profiles that include the voice mannerisms of his father. Obviously, voice imitation won’t work, but voice recording can, if the software assists the little boy in recording his father and controlling the call to the kindergarten teacher in which the recording is transmitted.

      Malicious use of voice forgery can impact others’:
      * specific decisions
      * relationships or their trust levels
      * emotions
      * stress-level

      Furthermore, even if the true source of a forged call is known, the information contained in the call can raise harmful doubts or feelings in the listener about someone other than the source, particularly when false recordings or clever innuendo is used to lead a person’s thinking and precipitate a problem. For example, a call to the kindergarten teacher spoken in the words of the 5-year old boy, but containing information that the teacher is led to believe came from the boy’s father, such as, “Daddy thinks you have a nice … never mind.” can become a powerful attack on the father and teacher or their relationship, depending on the culture and communication trust between father and teacher. It could instead hurt the child if the call was faked in the child’s voice.

      Silent Circle technology offers the assurance that a message is being transmitted from one device to another that is private and unchanged during transmission. Could Silent Circle apps be written to prevent use of another app running on the device that changes microphone input before the Silent Circle app processes it? I’m thinking of a Windows application currently available online that offers real-time profile-based voice transformation for use with Skype. How hard would it be to prevent the use of similar technology with Silent Circle? I’m not mentioning the name of the technology because I’ve tested it, and used as prescribed, it’s not very good. In a few years, though, it will be.

    • vinthewrench

      the device is an iPhone. not a windoze box

    • NJS

      iPhone offers similar voice transformation programs, but I’ve not tested them. Voice transformation technology in general will be good within a few years, in fact, it can work better if the voice user mimics the target voice to start.

  • vinthewrench

    for those who asked about source code for review

  • silent text 1.5 is now available on app store

    Numerous improvements and additional functions
    Send ANY business attachment – Excel, Powerpoint, Pages, PDF, Word, Keynote, CAD drawings
    Send Map location as well as location within images and videos
    Send photos, videos, audio recordings and URL Links
    Send calendar invites and contacts
    Make encrypted Silent Phone calls from within Silent Text
    Redaction – allows full control of messages you’ve sent
    Manually burn on both devices simultaneously
    Allows renaming device
    Forwards content from other iOS apps
    Works across multiple devices

  • Christopher Prevost

    Check out RedPhone at its a free secure voice app for the android phone.

    the setup for my android based phone is
    -red phone

  • That dude from Europe

    Haha, not anymore!!
