People who use public WiFi to make iPhone calls or conduct video conferences take heed: It just got a lot easier to monitor your conversations in real time. At a talk scheduled for Saturday at the Toorcon hacker conference in San Diego, two security researchers plan to show the latest advances in the open-source UCSniff tool for …
There's an app for that!
One might note...
...that this eavesdropping tool only works on parties who are in violation of their carrier contract, if I read the article correctly, and it's not specifically a failure of the Jesus Phone, but of mobile VoIP in general, regardless of the device used. Still, I can't wait to read the inevitable plethora of remarks on how the hardware is to blame instead of the brainless misuse of the software which is targeted by the sniffer.
Radio, by it's very nature is public. No one in their right mind would have any expectation of privacy for an unencrypted broadcast. However, most WiFi users might be surprised to get a QSL request.
Reads like a Sensationalist Sun article this. It's not particularly an iPhone issue, more an application issue. This could apply to any VOIP app on any platform without encryption.
It's just lazy coding and poor checking on the apps store in the iPhones case.
What shall we call it?
Not all VOIP is over wireless
The article appears to be muddling the use of the two techs. It is about listening to realtime VOIP over WiFi, not a regular phone's data connection via 3G, for example. The people at risk are not only saving money by using VOIP, but by also not using their data connection at all.
Where is the "FUDvertising" label?
Company that plans to sell encrypted VOIP app for iPhone announces that unnamed VOIP app that doesn't have encryption, on a smartphone that may or may not be an iPhone, can be intercepted?
For a VoIP app to NOT provide encryption is not only stupid, it's criminally irresponsible these days. In today's world, the people who make such design decisions should just be jailed and the key thrown away, for the protection of everyone else.
Sounds more or less like Defcon, but with added wifi
At Defcon they showed how they could intercept voice and video calls between Cisco IP phones, inject video into the conversation, and do one of those replay loops that you always see in the movies to fool security guards. Lets hope that their Toorcon presentation isn't filled with the same dreary details of installing some driver in Windowsas the middle 20 minutes of the Defcon talk was.
Good in theory, difficult in practice.
Unless the hardware has built in crypto silicon then you are forced to use the handsets GP CPU with software crypto.
Then you have to choose between crippling power drain due to high cpu usage or less than stellar algorithms making interception that much easier.