Related Links

  • Notrax
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories


Many voice encryption systems are hackable says anonymous researcher

27 January 2010

Many voice encryption products currently available are hackable through the use of a trojan being planted on the host PC, an IT security researcher has claimed.

The researcher – who goes by the name of Notrax (also the name of an anonymous web browser) – says that he has "successfully intercepted and compromised phone calls made using 12 commercially available mobile voice encryption products."

Intercepting encrypted voice transmissions on the host PC is nothing new, as the German government `floated' the idea of installing trojans back in 2007 to spy on voice and internet communications by suspected criminals.

As reported by Infosecurity at the time, the ideas were claimed as being shelved by the German government later in the year owing to a public furore – although anecdotal evidence by the Chaos Computer Club claims the trojans became reality some months later, and are allegedly being used by the German secret service.

Notrax claims that, using a $100 piece of kit and a copy of FlexiSpy – a commercial eavesdropping application for Blackberry, Symbian and Windows Mobile smartphones – plus a self-coded trojan, he can intercept the data feed from the microphone and speaker, effectively bypassing the encryption process.

Whilst Infosecurity notes this approach is similar to the use of so-called  `infinity' bugs on landline phones, what is interesting about the claims is that Notrax also says he can suppress any notifications of his actions to the user of the host PC.

Notrax describes his tests extensively at, where he has linked to some Youtube videos.

Encryption systems allegedly cracked through the use of Notrax' modus operandi included Caspertech, CellCrypt, Secure Voice and Phil Zimmerman's Zfone.

The three voice encryption systems that apparently passed the trojan intercept test with flying colours were Rohde & Schwarz's Bluephone-Secure, SecurStar's PhoneCrypt and Snapcell.

According to Wilfried Hafner, CEO of SecurStar, like most security breaches, Notrax went for the weakest link. He did not attempt to crack the encryption itself, but used simple wiretapping techniques," he said. "Unlike most of the vendors investigated, we recognised this potential security gap from the start and designed in measures to deliver complete end-to-end protection against eavesdropping," he added.

Hafner went on to say that PhoneCrypt provides military-level voice encryption for all types business, government, law enforcement and personal voice communication over mobile phones, landlines and internet telephony connections.

This article is featured in:
Biometrics  •  Encryption  •  Wireless and Mobile Security



rubixmind says:

04 August 2011
I’m kinda interested with this one. anyway, do you know any iPad spyware software that can be access and be purchased for free? Just like the Books for iPad download where you can download lots of eBooks for free..

fpietrosanti says:

31 January 2010
First fake independent security research: The SecurStar GmbH case

Ok, now we have the evidence: The research on was a fake security research arranged for a marketing campaign.

They was able cheat most journalists, bloggers and security magazines.

Read below, they leaked the IP of the anonymous author of and it's confirmed that it come from SecurStar GmbH office:

I don't remember in all my life a so irresponsible and dirty marketing trick in the security world, abusing of hackers reputations.

Evidence that is SecurStar GmbH – A fake independent research on voice crypto (by me)

Dishonest security: The SecurStart GmbH case (by me)

Debunking Infosecurityguard identity from Matteo Flora .

It's hilarious and unbelievable that a security company had done something like this.

Fabio Pietrosanti (naif)

lisabrandon says:

31 January 2010
Very good Article.

regardint the poster above i have to say something just for the records:

Fabio Pietrosanti = Shareholder of ZRTP, heheh that is why he says ZRTP is the only secure solution.... and incidentally exactly that solution has been proven to be vulnerable, so what to do next ? Try to put bad lights to the testers :-) Very very pathetic.

"The review does not consider the cryptographic strength."
Well why should it, given the encryption has been completely bypassed ?

"Of all the product reviewed no one use opensource cryptography and no one use standard cryptography. All them use "proprietary", "closed", "unknown" cryptographic system (also PhoneCrypt is proprietary...). "

What matters to me is what can be intercepted and what can not.
The fact that a code is proprietary does not mean it is weaker as another, just that you did not review it and therefore cannot comment on it. On the other hand, open source is most of the time not reviewed by third party anway.

"Only the usage of ZRTP based secure solutions could be considered secure because match the criteria of transparency for the cryptographic protocol and their implementation. "

haaha: Given that ZRTP was intercepted to me means ZRTP is not secure at all...
A phone security product is not just about encryption (and in the test none of the products where broken in terms of encryption) but it is all about voice security... and ZRTP as well as many others undoubltly failed on this.

You cannot say to an agressor... "my phone is secure BUT only if you try to attack it this way... but hey please please do not attack me any other way because this would be considered unfair as my security product was not designed for it......" :-)

fpietrosanti says:

30 January 2010

i wanted to report my analysis about that research (quite long).

Please read it, clarify a lot of things on the research.

Fabio Pietrosanti

fpietrosanti says:

29 January 2010
The review does not consider the cryptographic strength.

Of all the product reviewed no one use opensource cryptography and no one use standard cryptography.
All them use "proprietary", "closed", "unknown" cryptographic system (also PhoneCrypt is proprietary...).

All are using only "proprietary", closed and supposed to be backdoorred encryption system with:
- 0 transparency on cryptographic protocol (no one guarantee that's secure or does not contain backdoors)
- 0 transparency on cryptographic implementation (no one guarantee that the proprietary cryptographic protocol implementation is secure).

Only the usage of ZRTP based secure solutions could be considered secure because match the criteria of transparency for the cryptographic protocol and their implementation.

Unfortunately all the others cannot be considered "secure" as cryptographic require transparency.

Read more about cryptography for voice encryption protocol review here :

Fabio Pietrosanti

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×