29 November 2011 | 10,659 views

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

Check For Vulnerabilities with Acunetix

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform).

I can’t see any real corporate use for Twitter, so they won’t be pushing the security aspects of it in terms of the application. Perhaps it’s just an equity play and has nothing to do with Twitter, or perhaps they have another offering up their sleeves which isn’t public yet.

Twitter may be planning to boost its mobile security options with the acquisition of Whisper Systems, a company that offers security products for Android phones.

Whisper Systems’ offerings include WhisperCore, software that enables full disk encryption as well as management tools for Android phones. It’s free for individual users while enterprise customers pay for the software. Other Whisper Systems products include text encryption, voice encryption, firewall software and encrypted backup.

In a blog post about the acquisition, Whisper Systems didn’t say much about what Twitter might be planning to do with the technology. “Now that we’re joining Twitter, we’re looking forward to bringing our technology and our expertise into Twitter’s products and services,” the company wrote on the blog.

It said that Whisper Systems software will continue to be available but that during a transition period the company will take the products and services offline. In a forum on Whisper Systems’ website, people who are apparently unaware of the acquisition are already wondering why they can’t download products. Twitter did not reply to a request for comment about its plans for the technologies.

The only path I can see, obvious path that is, would be for Twitter to integrate the encryption technology offered by WhisperCore into the official Twitter apps – making them more secure in both storing data locally and in transmitting data over insecure networks.

I don’t see how it really offers any value though, it’s not like anyone is actually sending anything important out over Twitter – apart from the odd DM (Direct Message) I would imagine.

It’ll be interesting to see what direction they take though and if we can actually find out why this acquisition took place.

WhisperCore has a number of features designed to make up for security shortcomings in Android. For instance, WhisperCore users can selectively revoke permissions that an app requests while allowing the user to still use the app.

The software also includes a feature aimed at thwarting someone who has stolen a phone from determining the phone’s unlock code based on finger smudges on the screen. Some Android phones display rows of dots and a user unlocks the phone by dragging a finger over certain dots in a set pattern. An attacker might be able to recreate the pattern by examining finger smudges on the screen. WhisperCore displays unlock numbers in a column, so an attacker doesn’t know in which order the user hits the numbers to unlock the phone.

Earlier this year Whisper Systems released a software development kit so that developers could start building some WhisperCore features into their applications.

Few other companies are doing full disk encryption for Android, although there are many other companies taking other approaches to securing Android phones. Companies like 3LM and Good Technology offer mobile security services for enterprises. In addition, mobile device management products from companies including Sybase, BoxTone, Zenprise, Mobile Iron and Fiberlink let IT managers set basic policies like password requirement and remote wipe, and offer additional security capabilities.

The other whacky idea could be to make Twitter into a dual-functioning security product – I don’t really see how that would work though. Social Networking + Device security = confused users.

If anyone has any bright ideas as to why you think this deal took place, do drop them in the comments section below.

Source: Network World



Recent in Countermeasures:
- StegExpose – Steganalysis Tool For Detecting Steganography In Images
- Twitter Patents Technique To Detect Mobile Malware
- Passera – Generate A Unique Strong Password For Every Website

Related Posts:
- Android Malware App Covertly Makes Purchases On China Mobile Market
- Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)
- Google Removes ‘DroidDream’ Malware From Android Devices

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,146 views
- Password Hasher Firefox Extension - 117,022 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,553 views

Low-cost VPS Hosting

5 Responses to “Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones”

  1. b_i_d 29 November 2011 at 5:35 pm Permalink

    Maybe they want to broaden the spectrum of business. I can’t imagine anything having to do with the main product (Twitter) too. So maybe it’s not about the main product at all and they just want to grow into other markets?

  2. Fortunate 29 November 2011 at 7:31 pm Permalink

    Maybe it has something to do with how Twitter was used during some of the recent riots and how they were being asked to close/block certain accounts?

  3. droope 29 November 2011 at 8:15 pm Permalink

    yeap, maybe they want to make twitter a secure medium of communication for rioters and other “wrong” doers. Imho that’d be great.

  4. sabrina 30 November 2011 at 8:44 am Permalink

    I had never heard of WhisperCore before. It also makes me wonder why they’re focusing on security, specifically to this level. But it will be interesting to see how this develops. Thanks for sharing.

  5. Frood 30 November 2011 at 3:20 pm Permalink

    Could be looking to create segregated internal secure twitter-spheres to sell to corporates?