back to article Hotspot sniffer eavesdrops on iPhone in real-time

People who use public WiFi to make iPhone calls or conduct video conferences take heed: It just got a lot easier to monitor your conversations in real time. At a talk scheduled for Saturday at the Toorcon hacker conference in San Diego, two security researchers plan to show the latest advances in the open-source UCSniff tool …

COMMENTS

This topic is closed for new posts.
  1. gollux
    FAIL

    Cool!

    There's an app for that!

  2. stizzleswick
    Stop

    One might note...

    ...that this eavesdropping tool only works on parties who are in violation of their carrier contract, if I read the article correctly, and it's not specifically a failure of the Jesus Phone, but of mobile VoIP in general, regardless of the device used. Still, I can't wait to read the inevitable plethora of remarks on how the hardware is to blame instead of the brainless misuse of the software which is targeted by the sniffer.

  3. Ole Juul

    Include SASE

    Radio, by it's very nature is public. No one in their right mind would have any expectation of privacy for an unencrypted broadcast. However, most WiFi users might be surprised to get a QSL request.

  4. Anonymous Coward
    Headmaster

    Hmmmm...

    Reads like a Sensationalist Sun article this. It's not particularly an iPhone issue, more an application issue. This could apply to any VOIP app on any platform without encryption.

    It's just lazy coding and poor checking on the apps store in the iPhones case.

  5. Paul Gray

    What shall we call it?

    iSpy?

  6. Oddbod

    Not all VOIP is over wireless

    The article appears to be muddling the use of the two techs. It is about listening to realtime VOIP over WiFi, not a regular phone's data connection via 3G, for example. The people at risk are not only saving money by using VOIP, but by also not using their data connection at all.

  7. jubtastic1
    FAIL

    Where is the "FUDvertising" label?

    Company that plans to sell encrypted VOIP app for iPhone announces that unnamed VOIP app that doesn't have encryption, on a smartphone that may or may not be an iPhone, can be intercepted?

  8. raving angry loony

    idiots.

    For a VoIP app to NOT provide encryption is not only stupid, it's criminally irresponsible these days. In today's world, the people who make such design decisions should just be jailed and the key thrown away, for the protection of everyone else.

  9. Nexox Enigma

    Sounds more or less like Defcon, but with added wifi

    At Defcon they showed how they could intercept voice and video calls between Cisco IP phones, inject video into the conversation, and do one of those replay loops that you always see in the movies to fool security guards. Lets hope that their Toorcon presentation isn't filled with the same dreary details of installing some driver in Windowsas the middle 20 minutes of the Defcon talk was.

  10. Goat Jam
    Headmaster

    Mobile encryption

    Good in theory, difficult in practice.

    Unless the hardware has built in crypto silicon then you are forced to use the handsets GP CPU with software crypto.

    Then you have to choose between crippling power drain due to high cpu usage or less than stellar algorithms making interception that much easier.

This topic is closed for new posts.

Other stories you might like