Leading voice encryption programs hacked in minutes

Leading voice encryption programs hacked in minutes
Leading voice encryption programs hacked in minutes 

By John E. Dunn 
27 January 10

Most voice encryption systems can be tapped in minutes by installing a 
voice-recording Trojan on the target computer, a security researcher has 
confirmed after testing a range of well-known products.

Although this type of attack has been known about for some time, the 
scale of the issue uncovered by researcher 'Notrax' is still surprising. 
In all, the unnamed engineer was able to intercept calls made using 
twelve popular encryption programs and hardware systems using an easily 
available $100 wiretapping utility called FlexiSPY. This tapped the 
voice stream in real time before any encryption was applied to the data.

The researcher then refined the principle of FlexiSPY into a 
custom-written Trojan that could record both the microphone and speaker 
and capture any conversation into a file for retrieval later on. 
Crucially, both attacks were able to carry out their work undetected by 
suppressing all rings, notifications and call logs.

Programs and hardware systems beaten included Zfone/ZRTP, Secure Voice, 
Caspertech, and even the well-regarded GSM handset security system from 
UK company Cellcrypt. Only three products resisted the simple attack, an 
unnamed Rohde & Schwarz Bluetooth device, PhoneCrypt from German company 
SecurStar, and a hardware product from SnapCell.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods