Accusations Fly Over Voice Encryption Hack

By John E. Dunn
CSO Online
February 02, 2010

German encryption firm SecurStar has strenuously denied being behind an apparently independent test of voice encryption products that found many of its rivals could be hacked using a $100 phone-tapping program.

In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss encryption startup Khamsa, alleges that a supposedly independent test of
15 encryption products was in fact a marketing exercise designed to publicise one of only three products to pass the hacking test, SecurStar's PhoneCrypt.

The tests by an anonymous researcher, 'Notrax', found that all but three programs and hardware products looked at could be bypassed by installing a simple wiretapping Trojan called FlexiSPY to record voice output without the programs giving the user any indication that security had been compromised.

Khamsa's own GSM security software was not part of the test but the encryption technology it uses, ZRTP, came in for criticism. The moving force behind that system and its implementation in a program called Zfone is encryption pioneer and inventor of Pretty Good Privacy, Phil Zimmermann, who is also listed as being on Khamsa's scientific board.

According to Pietrosanti, the unnamed 'Notrax' was subsequently traced to an IP address connected to SecurStar after the individual followed a link embedded in a blog Pietrosanti had posted.