By John E. Dunn
February 02, 2010
German encryption firm SecurStar has strenuously denied being behind an
apparently independent test of voice encryption products that found many
of its rivals could be hacked using a $100 phone-tapping program.
In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss
encryption startup Khamsa, alleges that a supposedly independent test of
15 encryption products was in fact a marketing exercise designed to
publicise one of only three products to pass the hacking test,
The tests by an anonymous researcher, 'Notrax', found that all but three
programs and hardware products looked at could be bypassed by installing
a simple wiretapping Trojan called FlexiSPY to record voice output
without the programs giving the user any indication that security had
Khamsa's own GSM security software was not part of the test but the
encryption technology it uses, ZRTP, came in for criticism. The moving
force behind that system and its implementation in a program called
Zfone is encryption pioneer and inventor of Pretty Good Privacy, Phil
Zimmermann, who is also listed as being on Khamsa's scientific board.
According to Pietrosanti, the unnamed 'Notrax' was subsequently traced
to an IP address connected to SecurStar after the individual followed a
link embedded in a blog Pietrosanti had posted.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News