Many voice encryption systems easily crackable

A vast majority of voice encryption products are seriously flawed, according to controversial tests by an anonymous hacker. Using the commercially available FlexiSpy wiretapping utility and a 'homemade' Trojan, Notrax (the anonymous hacker's nickname) claims to have defeated 11 out of 15 voice encryption technologies in tests …

COMMENTS

This topic is closed for new posts.
  1. Haff
    Grenade

    What is a Landmine phone?

    No really, I am intrigued

  2. jnievele
    Grenade

    Uh...

    Just wondering - what is a "landmine phone", and aren't they banned in the UK? ;-)

  3. Soruk
    WTF?

    Landmine phone...?

    I'm not sure I even want to know how you'd use one. I certainly wouldn't want to be anywhere near it.

  4. Anonymous Coward
    FAIL

    Misleading

    This isn't about cracking encryption at all. This is about a script kiddy installing a trojan on a bunch of phones that allowed him to intercept the voice signal, on the phone, (and this bit is important) _before_ it was encrypted. The only reason that any of the phones "passed" the test is that the "hacker" wasn't able to install his trojan on them.

    This _might_ be newsworthy if there were a reasonable infection vector for the trojan, but as it is it's no better than scaremongering.

    You seriously need to lift your game when reporting this kind of stuff. It's getting like the Daily Mail around here.

  5. Paranoid Consultant
    Joke

    landmine phone?

    Is that a fat fingered landline phone? Or a phone you bury in the garden and it rings you when the cat walks over it?

  6. Sarah Bee (Written by Reg staff)

    Re: landmine phone?

    Yes yes it's been fixed now but oh look at you all so funny with your clever.

    Sigh.

    1. Stone Fox
      WTF?

      erm...?

      "so funny with your clever."

      Is this terrible English or is it just me? Should it have had the word 'jokes' on the end mayhaps?

  7. Sarah Bee (Written by Reg staff)

    Re: erm...?

    No. I was playing with language. It's what you can do when you're good.

    1. J. Cook Silver badge
      Joke

      Sort of like this I reckon.

      My favorite response to grammer and speling nazis is the following phrase which is guarenteed to make people cranky:

      'ey kun spel reel gud. huked ahn fonix wurks fer meh.' Every word is mis-speled, yet if you read it out loud using standard english ( American or the Queen's own) it comes out right.

      (and yes, I intentionally mis-speled the various forms of the word 'spell'. intentional mis-spelling is hard!)

  8. Anonymous Coward
    Paris Hilton

    Astroturfing

    I read the blog but this “security review” is surprisingly misleading and also its origins look highly suspicious to me.

    The blog claims to review "voice encryption" products and that they were cracked, but it's obvious that it does not show that, it just installs a trojan on a device that listens to the microphone. Big deal, any security pro knows that once you have root access on a device you can subvert any OS.

    This terrific new trojan could be thwarted by novel technology such as, say, a PIN code on the device.

    My suspicions about the origins are raised not only by the anonymity and age of the blog but because I saw that Phonecrypt are peddling this, even going as far as issuing a press release, which I think is strange for a security company as the blog is so obviously misleading.

    I think that this is a set up. Did some digging on who these guys are and found out that the person behind the PhoneCrypt is Wilfried Hafner aka "Luzifer" who served 3 years in a German jail for theft and fraud. So no surprise he is hiding behind a fake blog.

    We all know that a trojan can take control over a device, but it doesn’t necessarily mean that it can crack any encryption.

    Rubbish blog, if you ask me. But I saw this on slashdot, which sums it up nicely:

    http://yro.slashdot.org/story/10/01/28/2317254/80-of-Cell-Phone-Encryption-Solutions-Insecure?art_pos=8

    "I just posted the following comment on this asshole's website:

    Your article is totally misleading.

    You say that you managed to prove those products insecure.

    Well, YOU DIDN'T. The intention of all the products you mentioned is to provide encryption to protect you from someone intercepting your phone call. You didn't test any of this. You just directly accessed the mic on the cellphone. Well, of course you'll get the audio!!

    A little analogous situation to better explain what you did:

    I will prove that this high security reinforced door is totally insecure. I'll get in the house through the window. Oh No! It worked, I'm inside the house and I didn't even touch the door! Those doors are Insecure!

    That's exactly what you did. Those systems encrypt your voice. Your call is secure from interception. If you knew anything about security, you would know this: Physical access is total access.

    You had PHYSICAL access to the phone. Well, of course you were able to "crack" it. Guess what? You could have manually connected the mic cables to an mp3 recorder for all I cared.

    It's like saying "I am going to prove that this OpenBSD-based firewall is insecure, but connecting to the machines behind the firewall with this directly with this ethernet crossover cable".

    So, are you really that naive, or you have financial interests in some phone crypto technology?"

    Paris, 'cause even she can use a PIN code.

  9. Anonymous Coward
    Anonymous Coward

    Is this only SecurStar marketing?

    Read the PhoneCrypt review on their website...

    It's not security testing but more a marketing review.

    Read "between the lines": it has not been written by a serious tester with the same "approach" used for other products.

    But it used "marketing oriented" language.

    Be careful about the reliability of those reviews!

  10. Anonymous Coward
    Grenade

    Yes, and I'm so good at programming I write code which doesn't compile.

    Shooting the messenger(s) and then playing the "literate smart arse*" card after being pulled up for bad spelling? How's that panning out?

    You'd have given a better account of yourself had you bit your tongue... still, don't let that detract you from having the last word.

  11. Fabio Pietrosanti

    Analysis of the research project results

    Hi,

    I wanted to report my analysis about that research (quite long).

    http://infosecurity.ch/20100130/about-the-voice-encryption-analysis-phonecrypt-can-be-intercepted-serious-security-evaluation-criteria/

    Please read it

    Fabio Pietrosanti
