[VOIPSEC] Evaluation of voice cracking analysis

Dustin D. Trammell dtrammell at breakingpoint.com
Sun Jan 31 20:30:27 GMT 2010

On Sat, 2010-01-30 at 15:51 +0100, Fabio Pietrosanti (naif) wrote:
> i don't know how many of you have read about the analysis done on http://infosecurityguard.com 
>   .

I actually came across an article about the research and didn't bother
to go read the research itself because at first impression, my thought
was "Well duh, you're capturing the audio directly from the compromised
system's audio devices, before it gets encrypted by the application...
This is well known."  Perhaps there's some nuance I'm missing, because
as I said I didn't go read the actual research, but from the overview
given in the article it didn't sound worth the time.

The only thing that DID sound interesting in the article that I read was
that a few of the products tested apparently detected attempts to
eavesdrop on the audio via the local system devices and alerted the user
to it.  Good for those particular products for going the extra mile, but
you really can't expect your communications to and from your system to
be secure when your entire system has been compromised.

And as I said, anyone that has been working in this field for any period
of time at all already knows this is a possible attack vector.  Along
the same adage that "Physical access == root access", "root access ==
full control of applications and devices".

Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.

More information about the Voipsec mailing list