For those of you that use voice encryption products on mobile phones the last thing you would expect is for it to be easily decrypted and intercepted. You may have shelled out good coin for your application and rely upon it for your intellectual security, but what if that security was not as tight as you had imagined, what if a readily available wiretapping utility attainable by anyone, and a simple Trojan slipped on to your device could compromise all of your calls?
Blogger, hacker and IT security expert Notrax, has done just that. For his own safety we will not reveal his name, however, Notrax has discovered that 12 commercially available mobile voice encryption products can be intercepted and compromised using a little ingenuity and creativity as he has carefully detailed on his website.
He tested 15 voice encryption products in total, 12 of them were “worthless”. It’s easy to take the software at face value when it “tells you” that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.
Secure means that Notrax did not manage to crack it. It does not mean that someone else would not be able to crack it.
These calls can be tapped by anyone that has basic technical skills or the money to back up such an endeavour. “Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater. Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.”
The ones that made it were PhoneCrypt. It provides military grade technology to secure phone conversations in real time. Also, PhoneCrypt’s active protection agent monitors calls to protect against eavesdropping and wiretapping. Out of the three survivors, only PhoneCrypt’s solution was software-based.
SnapCell was safe, it’s a private encryption device that snaps on to your mobile, they claim to protect your mobile voice, fax and data communications from wiretapping, eavesdropping and line interference. SnapCell’s website has been offline since January 21st for unknown reasons.
TopSec Mobile was also secure, it’s a voice encryption device that can be connected to almost any mobile phone using Bluetooth. The encryption is embedded in the TopSec Mobile hardware to avoid the susceptibility of GSM phones to manipulation.
If you are not using one of the above three voice encryption technologies, you may want to be on the lookout for a new solution. Although these applications cracked are not entirely secure, it would take much effort to bypass them, like having the attacker be able to load software or a trojan on your phone without you knowing. It’s similar to a credit card, so as long as you keep it with you in a secure place you should be fine for the most part.
Check the complete list over at InfoSecurityGuard.com.