The Rohde & Schwarz device interfaces pre-audio, so no unencrypted audio
reaches the phone. Hence, with the R&H Flexispy will forward encrypted audio
to the anyone listening in... Pretty solid model. At RSA this year, I
selected the Rohde & Schwarz TopSec as one of my top 5 picks for the most
interesting items at the show.
-----Original Message-----
From: tscm-..._at_googlegroups.com [mailto:tscm-..._at_googlegroups.com] On
Behalf Of Eric Schmiedl
Sent: Thursday, January 28, 2010 8:31 PM
To: TSCM-..._at_googlegroups.com
Subject: [TSCM-L] {4613} Bypassing voice encryption on cell phones
(including CryptoPhone)
from Slashdot. Not so much a full break, as a demonstration of what an
adversary can do by installing rogue software on a phone. (Of course,
JMA's explained before how many phone models can have new software
installed silently, over-the-air.)
http://infosecurityguard.com/?p=26
"I installed FlexiSpy on the cryptophone and would later call it from my
3rd party phone to activate the listening mode. (Again, the user has no
idea). FlexiSpy silently picks up my phone call and allows me to
eavesdrop undetected. If the user has a call in progress (even if it is
encrypted!), I am able to hear anything being said into the microphone.
[...]
on my own Trojan I was able to resolve this, and was able to capture
the conversation in full duplex even with an encrypted call in progress.
Rohde & Schwarz (TopSec) & PhoneCrypt successfully blocked these attacks
as their architecture prevented the attack.
[...] PhoneCrypt actually alerted me when it detected my Trojan and
FlexiSpy respectively which was pretty cool."
Full table of tested products:
http://infosecurityguard.com/?p=28
--
You received this message because you are subscribed to the Granite Island
Group "TSCM-L Professionals List" group which is the oldest, and the largest
TSCM group on Earth. To post to this group, send E-Mail to
TSCM-..._at_googlegroups.com, to contact the list owner and moderator please
send an E-Mail message to jm..._at_tscm.com.
This group is sponsored by Granite Island Group to improve the profession of
hunting spies, and to educate the security industry in the craft of
technical counter-intelligence. Granite Island Group performs bug sweeps
like it's a full contact sport; we take no prisoners, we don't play fair,
and we give no quarter. Our professional goal is to simply, and completely
stop the spy.
Granite Island Group Offers World Class, Professional, Ethical, and
Competent Bug Sweeps, and Wiretap Detection using Sophisticated Laboratory
Grade Test Equipment.
Received on Sat Mar 02 2024 - 00:57:27 CST