Just released for public beta, two new apps promise wiretap-proof communications for wary users of Android-based smartphones. Developed for Google's Android mobile platform by hacker Moxie Marlinspike and his startup Whisper Systems, the "RedPhone" app encrypts calls made over VoIP using ZRTP, an open source cryptography scheme. Their "TextSecure" app employs a similar open source cryptography method known as "Off The Record" to send and receive scrambled text messages. As he described in a recent Forbes.com blog posting, Marlinspike intends for the apps to be used in place of Android phones' built-in calling and texting systems, thereby subverting insecure communication systems.Read More >
While most of us depend on major carriers for cell phone service, it is now possible to create small GSM networks for relatively little expense using parts that can be found at many hardware stores. Within these networks callers can communicate between handsets on a local level, and on an internet-enabled system calls can be made over VoIP.Read More >
Described as the first ever "wiretap Trojan," a new virus that can eavesdrop on calls made with the popular Voice over Internet Protocol (VoIP) service Skype is raising concerns about the the security of personal computer-driven telecommunications and the prevalence of surveillance in the ecosystem of this increasingly popular technology.Read More >
Hackers continue to penetrate many more companies than administrators care to admit, according to two security experts at the RSA Conference. More interesting to our community, however, is the fact that four of the five attacks on the list are infected via devices, instead of Windows PCs.Read More >
Security experts at the 25th Chaos Communication Congress (25C3) in Berlin explain how easy it is to eavesdrop on calls using telephones based on DECT (Digital Enhanced Cordless Telecommunication), the world’s most popular wireless telephony protocol.
Read More >
According to researchers, all that's required is a souped-up ($30) VoIP laptop card and a Linux computer.
The algorithms used are hard wired into the devices and are not publicly disclosed. The keys used do not leave the originating network. As Erik Tews, one of the researchers from the Technical University of Darmstadt, involved in the discovery explained, in theory this all seems perfectly sound. In practice, however, there are various ways of getting around this and various attack points.
According to co-researcher Matthias Wenzel, having previously built a very expensive DECT sniffer, which required very high processing power, the team found an alternative hardware set-up for intercepting the data traffic in the form of the ComOnAir PCMCIA card. After just under a month of reverse engineering, reconstruction of the circuit diagram, hunting down the firmware and soldering on a few additional circuits, the goal of creating a sniffer that could be used from a car parked in front of a house, was achieved.