Sunday, May 18, 2008

The Geek Chorus Wails, "Beware VoIP. Shun GSM."

"Be careful what you say over that mobile phone or VoIP system."
The most widely used mobile phone standard, GSM, is so insecure that it is easy to track peoples' whereabouts and with some effort even listen in on calls, a security expert said late on Saturday at the LayerOne security conference.

"GSM security should become more secure or at least people should know they shouldn't be talking about (sensitive) things over GSM," said David Hulton, who has cracked the encryption algorithm the phones use. "Somebody could possibly be listening over the line."

For as little as $900, someone can buy equipment and use free software to create a fake network device to see traffic going across the network...

VoIP systems based on open standards are not encrypting the traffic, which leaves them at risk for eavesdropping, forged or intercepted calls and bogus voice messages, he said, adding that there are numerous tools for doing that, with names like "Vomit" and "Cain and Abel." (more)