New Android Apps for Wiretap-proof Communications

By JDavis | 6/6/10 8:32 AM

Just released for public beta, two new apps promise wiretap-proof communications for wary users of Android-based smartphones. Developed for Google's Android mobile platform by hacker Moxie Marlinspike and his startup Whisper Systems, the "RedPhone" app encrypts calls made over VoIP using ZRTP, an open source cryptography scheme. Their "TextSecure" app employs a similar open source cryptography method known as "Off The Record" to send and receive scrambled text messages. As he described in a recent blog posting, Marlinspike intends for the apps to be used in place of Android phones' built-in calling and texting systems, thereby subverting insecure communication systems.

Read More >

Create Your Own Cellphone Network

By JDavis | 5/2/10 10:29 AM

While most of us depend on major carriers for cell phone service, it is now possible to create small GSM networks for relatively little expense using parts that can be found at many hardware stores. Within these networks callers can communicate between handsets on a local level, and on an internet-enabled system calls can be made over VoIP.

Read More >

Thousands of Unsecured Devices Found

By JDavis | 10/26/09 7:25 AM

Columbia University researchers scanning the internet have discovered approximately 21,000 devices (including webcams, VoIP products and routers) that are completely vulnerable to remote attack.

Read More >

Skype VoIP: Who's listening in?

By JDavis | 9/20/09 7:30 PM

Described as the first ever "wiretap Trojan," a new virus that can eavesdrop on calls made with the popular Voice over Internet Protocol (VoIP) service Skype is raising concerns about the the security of personal computer-driven telecommunications and the prevalence of surveillance in the ecosystem of this increasingly popular technology.

Read More >

2009's Five Most Dangerous Attacks

By JDavis | 5/3/09 6:25 PM

Hackers continue to penetrate many more companies than administrators care to admit, according to two security experts at the RSA Conference. More interesting to our community, however, is the fact that four of the five attacks on the list are infected via devices, instead of Windows PCs.

Read More >

25C3: Serious Security Vulnerabilities in DECT Wireless Telephony

By JDavis | 1/12/09 2:03 PM

Security experts at the 25th Chaos Communication Congress (25C3) in Berlin explain how easy it is to eavesdrop on calls using telephones based on DECT (Digital Enhanced Cordless Telecommunication), the world’s most popular wireless telephony protocol.

According to researchers, all that's required is a souped-up ($30) VoIP laptop card and a Linux computer.

The algorithms used are hard wired into the devices and are not publicly disclosed. The keys used do not leave the originating network. As Erik Tews, one of the researchers from the Technical University of Darmstadt, involved in the discovery explained, in theory this all seems perfectly sound. In practice, however, there are various ways of getting around this and various attack points.

According to co-researcher Matthias Wenzel, having previously built a very expensive DECT sniffer, which required very high processing power, the team found an alternative hardware set-up for intercepting the data traffic in the form of the ComOnAir PCMCIA card. After just under a month of reverse engineering, reconstruction of the circuit diagram, hunting down the firmware and soldering on a few additional circuits, the goal of creating a sniffer that could be used from a car parked in front of a house, was achieved.

Read full story.

Read More >