http://news.techworld.com/security/3211263/leading-voice-encryption-programs-hacked-in-minutes/ By John E. Dunn Techworld 27 January 10 Most voice encryption systems can be tapped in minutes by installing a voice-recording Trojan on the target computer, a security researcher has confirmed after testing a range of well-known products. Although this type of attack has been known about for some time, the scale of the issue uncovered by researcher 'Notrax' is still surprising. In all, the unnamed engineer was able to intercept calls made using twelve popular encryption programs and hardware systems using an easily available $100 wiretapping utility called FlexiSPY. This tapped the voice stream in real time before any encryption was applied to the data. The researcher then refined the principle of FlexiSPY into a custom-written Trojan that could record both the microphone and speaker and capture any conversation into a file for retrieval later on. Crucially, both attacks were able to carry out their work undetected by suppressing all rings, notifications and call logs. Programs and hardware systems beaten included Zfone/ZRTP, Secure Voice, Caspertech, and even the well-regarded GSM handset security system from UK company Cellcrypt. Only three products resisted the simple attack, an unnamed Rohde & Schwarz Bluetooth device, PhoneCrypt from German company SecurStar, and a hardware product from SnapCell. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Thu Jan 28 2010 - 02:02:47 PST
This archive was generated by hypermail 2.2.0 : Thu Jan 28 2010 - 02:14:36 PST