Feeds

Many voice encryption systems easily crackable

Malware will shut your yap

Beginner's guide to SSL certificates

Updated A vast majority of voice encryption products are seriously flawed, according to controversial tests by an anonymous hacker.

Using the commercially available FlexiSpy wiretapping utility and a 'homemade' Trojan, Notrax (the anonymous hacker's nickname) claims to have defeated 11 out of 15 voice encryption technologies in tests. Notrax claims he was able to use malware trickery to bypass product encryption and eavesdrop on captured conversations in real time.

By suppressing any rings, notifications or call logs, these approaches illustrated by Notrax could potentially escape detection. Delivery of the Trojans could be accomplished by tricking a prospective victim into opening a booby-trapped message to their mobile or by manual installation.

However, GSMK Cryptophones, one vendor whose product security was called into question by the tests argues the hack could only be accomplished by artificially reducing the security of its product (see statement below). GSMK Cryptophones' objections raise wider questions about the fairness of the whole exercise.

Notrax published his conclusions at infosecurityguard.com here, before starting the ongoing publication of details for each of his 15 tests, some of which he has illustrated via videos posted on YouTube.

The only products to come unscathed through the tests were Rohde & Schwarz's Bluephone-Secure, SnapCell and PhoneCrypt. The jury is still out on Tripleton but the other 11 products tested, costing hundreds to thousands of dollars, all failed to thwart an attack based on FlexiSpy (which costs $100) and a custom Trojan.

A summary of Notrax's tests can be found here. Products that Notrax alleged cracked include CellCrypt and Phil Zimmerman's Zfone.

Of the three products that achieved a passing grade, only PhoneCrypt is software-based.

Hacker turned security reporter Steve Gold notes Notrax's approach is similar to the use of so-called `infinity' bugs on landline phones. Gold, writing for Infosecurity Magazine also reports that law enforcement, in particular the German government, have been interested in the use of Trojans to intercept voice communications, although that approach focused on eavesdropping on encrypted VoIP via the host PC.

Notrax's hacks, by contrast, also cover handsets but some of the same principles apply. Dan Kaminsky, noted security researcher of DNS cache poisoning fame, told El Reg: "Code execution is code execution. This ought not be surprising."

Wilfried Hafner, chief exec of SecurStar, the developers of PhoneCrypt, commented: "Like most security breaches, Notrax went for the weakest link; he did not attempt to crack the encryption itself, but used simple wiretapping techniques."

PhoneCrypt said its use of a monitor to detect if any application tries to access a resource or service during a phone call before shutting it down and providing a warning to users helped it defeat Notrax's hack. ®

Updated

GSMK Cryptophones, one of the products those security was called into question by the tests, argues that the hack relied on deliberately reducing the security settings on a device, a complex process. The firm is frustrated that it has not been able to contact Notrax directly in order to challenge the validity of his tests.

The default level of ‘high security’ on all GSMK Cryptophones would prevent the attack from taking place. The only way for this attack to occur, or indeed for any third party software to be installed on the phone, would be to lower the security settings on the device, in itself an involving task which demands the user undergo several processes.

The company conducts ongoing rigorous testing to ensure users are protected against the latest technologies designed to intercept encrypted products and has always been transparent in publishing details of its encryption capabilities.

It has not been possible to address the claims directly as the testing has been conducted by an anonymous source and the site does not detail any contact information.

The timing of the test occurs in the run-up to the Mobile World Congress in Barcelona next month, the mobile industry's biggest showcase. Suggestions of security problems involving voice encryption products therefore comes at the worst possible time for the vendors involved.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.