Two-person development shop created software for secure text and voice communications on Android smartphones.

Mathew J. Schwartz, Contributor

November 29, 2011

3 Min Read

10 Companies Driving Mobile Security

10 Companies Driving Mobile Security

10 Companies Driving Mobile Security (click image for larger view and for slideshow)

Twitter has snapped up Whisper Systems, a two-person mobile security software development firm that was founded last year.

Terms of the deal weren't disclosed by Twitter, which confirmed the Whisper Systems acquisition in an emailed statement. "As part of our fast-growing engineering team, they will be bringing their technology and security expertise to Twitter's products and services. We're happy to have Moxie and Stuart onboard," it said, referring to the Whisper's sole two employees: Stuart Anderson, and a researcher who goes by the name of Moxie Marlinspike.

Marlinspike is well known for exposing flaws in the digital certificate ecosystem, as well as developing a solution: Convergence, a tool that's designed to crowdsource certificate authenticity.

[ Security skills are in big demand. Read Best Paying IT Security Jobs In 2012. ]

But digital certificate fixes and smartphone security haven't been a focus for Twitter, which is a social networking and microblogging service. "Twitter isn't in the business of providing secure communications tools to end-users. - Hell, it still doesn't even use HTTPS by default," said security and privacy researcher Christopher Soghoian, via Twitter. "I'm struggling to understand this deal."

One explanation is that Twitter was shopping more for talent than mobile security technology. Indeed, all of Whisper's five products, which secure Android devices and communications, remain in beta. That includes secure-texting (TextSecure) and encrypted-voice-communications (RedPhone) software. Other products include Android data protection and full-disk encryption software WhisperCore, as well as Flashback, for saving encrypted Android backups to the cloud. Marlinspike has said previously that while the company's initial products were developed for Android, the company planned to extend them to Apple's iOS, as well as BlackBerry devices.

Twitter has declined to detail its exact plans for the existing Whisper Systems technology. But Marlinspike and Anderson said in a statement posted to the Whisper Systems site on Monday, where news of the acquisition first appeared, that "the Whisper Systems software as our users know it will live on (and we have some surprises in store that we're excited about), but there is unfortunately a transition period where we will have to temporarily take our products and services offline." As of Monday, notably, "RedPhone service will be interrupted immediately, but FlashBack users have a month to pull off any backup data they would like before that service also goes offline," it said.

Anyone relying on RedPhone to encrypt their communications would have likely encountered the service interruption firsthand. As noted by the Register, "dissidents and others who need RedPhone to encrypt their Android calls have no ability to use the service--and they have the Twitter acquisition to thank for the disruption."

That's relevant since Whisper Systems had made TextSecure and RedPhone, previously available only in the United States, available to Egyptian users after mass protests against the regime of Hosni Mubarak broke out in Cairo and Alexandria early this year. According to news reports, the government was conducting a massive surveillance campaign, including monitoring--and at times, blocking outright--SMS, voice communications, people's PCs, as well as Internet channels, including Facebook and Twitter.

Apply advanced analytics to the sales pipeline, Web traffic, and social buzz to anticipate what’s coming, instead of just looking at the past. Also in the new, all-digital issue of InformationWeek: A practical guide to biometrics. Download the issue now. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights