There's an app for that!
People who use public WiFi to make iPhone calls or conduct video conferences take heed: It just got a lot easier to monitor your conversations in real time. At a talk scheduled for Saturday at the Toorcon hacker conference in San Diego, two security researchers plan to show the latest advances in the open-source UCSniff tool …
...that this eavesdropping tool only works on parties who are in violation of their carrier contract, if I read the article correctly, and it's not specifically a failure of the Jesus Phone, but of mobile VoIP in general, regardless of the device used. Still, I can't wait to read the inevitable plethora of remarks on how the hardware is to blame instead of the brainless misuse of the software which is targeted by the sniffer.
The article appears to be muddling the use of the two techs. It is about listening to realtime VOIP over WiFi, not a regular phone's data connection via 3G, for example. The people at risk are not only saving money by using VOIP, but by also not using their data connection at all.
At Defcon they showed how they could intercept voice and video calls between Cisco IP phones, inject video into the conversation, and do one of those replay loops that you always see in the movies to fool security guards. Lets hope that their Toorcon presentation isn't filled with the same dreary details of installing some driver in Windowsas the middle 20 minutes of the Defcon talk was.
Good in theory, difficult in practice.
Unless the hardware has built in crypto silicon then you are forced to use the handsets GP CPU with software crypto.
Then you have to choose between crippling power drain due to high cpu usage or less than stellar algorithms making interception that much easier.
Biting the hand that feeds IT © 1998–2019