[ISN] Accusations Fly Over Voice Encryption Hack

From: InfoSec News <alerts_at_private>
Date: Wed, 3 Feb 2010 00:15:50 -0600 (CST)
http://www.csoonline.com/article/528418/Accusations_Fly_Over_Voice_Encryption_Hack

By John E. Dunn
CSO Online
February 02, 2010

German encryption firm SecurStar has strenuously denied being behind an 
apparently independent test of voice encryption products that found many 
of its rivals could be hacked using a $100 phone-tapping program.

In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss 
encryption startup Khamsa, alleges that a supposedly independent test of 
15 encryption products was in fact a marketing exercise designed to 
publicise one of only three products to pass the hacking test, 
SecurStar's PhoneCrypt.

The tests by an anonymous researcher, 'Notrax', found that all but three 
programs and hardware products looked at could be bypassed by installing 
a simple wiretapping Trojan called FlexiSPY to record voice output 
without the programs giving the user any indication that security had 
been compromised.

Khamsa's own GSM security software was not part of the test but the 
encryption technology it uses, ZRTP, came in for criticism. The moving 
force behind that system and its implementation in a program called 
Zfone is encryption pioneer and inventor of Pretty Good Privacy, Phil 
Zimmermann, who is also listed as being on Khamsa's scientific board.

According to Pietrosanti, the unnamed 'Notrax' was subsequently traced 
to an IP address connected to SecurStar after the individual followed a 
link embedded in a blog Pietrosanti had posted.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Feb 02 2010 - 22:15:50 PST

This archive was generated by hypermail 2.2.0 : Tue Feb 02 2010 - 22:24:38 PST