Category Archives: technology

Low Liability - Reduced Abuses Tor Exit Nodes

In 2011 i’ve experimented running a Tor Exit by reducing my liability, by reducing the source of abuses.

During those years I’ve been looking at different scenarios, I’ve to admit not always in-line with the Tor Ethical Research Guidelines, posting various ideas on tor-talk mailing list, irc channel and opening up single trac ticketing features.

In particular the following tickets has been opened for this specific purposes:

So the proposed policy to reduce the liability and abuses is following those steps::

  1. Block most outgoing web attacks without causing harms to regular traffic - Reduce automated abuses sent because of hacking attempt
  2. Block most outgoing peer to peer traffic that’s highly likely generating - Reduce automated abuses sent because of DMCA and Copyright Infrigment
  3. Block traffic going to the countries of origin of your residences - Improve your personal legal resiliency against simple mistake done by local law enforcement agencies
  4. Block most outgoing portscan without causing harms to regular traffic - Reduce automated abuses sent because of hacking attempt

It would also be possibile to follow a whitelisting approach, rather than a blacklisting one:

  1. Route whitelisted traffic going trough major internet company directly (let’s assume represent top tor destination, being normally top internet destination of traffic)
  2. Divert non-whitelisted traffic back into Tor network with 1-hop link trough a high speed gateway

Those methods could enable volunteers to run Tor Exit Relay rather than just Tor Relay with no-exit policy also on budget VPS. Budget VPSs usually provide a tons of bandwidth but disconnect and block your account after the very first abuses related to your IP touch their ticketing system, and for that reason it’s nearly impossible to run Tor Exit Relay on it.

Each of the steps previously defined can now be technically experimented thanks to the new OutboundBindAddressExit settings that would enable to “manipulate” (but with a good intention) Tor Exit Traffic easily.

Very particular care should be taken by defining in advance how to avoid disrupting Tor Exit traffic and determining if it effectively happened and why.

That experimenting should be done by publishing transparently what’s being done and where, because manipulating Tor Exit Traffic is against any Tor Community Standards or Ethics Research Guideline.

The effective willingness to do that experiments means accepting critics and incorporating each of the critics back into the hacking of the methodology being tested.

It also means accepting that the Tor Directory Authority operators may just find this behaviour unacceptable and by majority of consensus promote to block and kick-out that Tor Exit Relay from the Tor Network.

I’d love that people would pick it up the various challenges posed by those kind of setup and start testing it. Otherwise with enough Sundays, I’ll do that and document success and failures! :-)

Ah, that’s a blog post done in 2017 with my last blog post being from 2011…. maybe I’m getting back writing thoughts on blog rather than spending those time on social media?

RFC 6189: ZRTP is finally a standard!

Finally ZRTP has been assigned an official RFC assignment, RFC6189 ZRTP: Media Path Key Agreement for Unicast Secure RTP.

It had as a dependency the SRTP with AES key size of 256bit that now has been defined as RFC6188.

It’s exciting to see the RFC finally released, as it’s an important milestone to set ZRTP as the official standard for end-to-end encryption much like PGP has been for emails.

Now any organization in the world will be officially able to implement ZRTP for end-to-end protocol voice encryption

Currently 3 different public implementations of ZRTP protocol exists:

Each of them provide different features of the protocol, but most important are known to be interoperable.

A new wave is coming to the voice encryption world, irrupting into a gray area where most of the companies doing phone encryption systems has been implementing custom encryption.

Now a standard has been setup and there are few reasons left to implementing something different.

Hurra Mr. Zimmermann and all the community of companies (like PrivateWave) and individuals (like Werner Dittmann) that worked on it!

Today it’s a great day, such kind of technology is now official and also with multiple existing implementation!

Philip, you did it again, my compliments to your pure spirit and determination :-)

My TOR exit node experience trying to filter out noisy traffic

Early this year i decided that’s time to run a TOR exit node so i brought a VPS at (because they are listed as a Good TOR ISP)and setup the exit-node with nickname with a 100Mbit/s connection for first 1TB of monthly data, then 10MBit/s flat.

It also run TOR2WEB software on .

I setup the exit-policy as suggested by running exit-node with minimal harassment and prepared an abuse response template.

In the first day i’ve been running the node i received immediately DMCA complain due to peer to peer traffic.

So i decided to filter-out some P2P traffic by using OpenDPI iptables module and DMCA complain automatically disappeared:

iptables -A OUTPUT -m opendpi -edonkey -gadugadu -fasttrack -gnutella -directconnect -bittorrent -winmx -soulseek -j REJECT

Then, because i am italian, i decided to avoid my TOR node to connect to the Italian internet address space in order to reduce the chance that a stupid prosecutor would wake me up at morning because did not understand that i am running a TOR node.

I tried, with the help of hellais that wrote a script to make Exit Policy reject statement, to reject all Italian netblocks based on ioerror’s blockfinder but we found that the torrc configuration files with +1000 lines was making TOR crash.

We went to open a ticket to report the crash about our attempt to block TOR exit policy by country and found a similar attempt where we contributed, but it still seems to be an open-issue.

The conclusion is that it’s not possible to make a Country Exit Policy for TOR exit node in a clean and polite way so i decided to go the dirty way by using iptables/geoip . After fighting to make it compile properly, it was one line of iptables to block traffic going to italy:

iptables -A OUTPUT -p tcp -m state -state NEW -m geoip -dst-cc IT -j REJECT

Now from my exit-node no connection to italian networks will be done and i am safe against possibly stupid prosecutors not understanding TOR (i have an exception for all TOR node ip address applied before).

After some other days i started to receive complains due to portscan activities originated from my tor nodes.

From my own point of view i want to support anonymity network, not anonymous hacking attempt and so i want to filter-out portscan and attacks from originating from my node.That’s a complex matter that require some study, so in the meantime i installed scanlogd and snort because i want to evaluate how many attacks, which kind of attacks are getting out from my TOR exit node.
Later i will try to arrange some kind of filtering to be sure to be able to filter out major attacks.
For what’s related to portscan it seems that there are no public tools to detect and filter outgoing portscan but only to filter incoming portscan so probably will need to write something ad-hoc.
I will refer how things are going and if there will be some nice way to implement in a lightwave way snort-inline to selectively filter-out major attack attempt originating from my exit-node.

My goal is to keep an exit node running in long-term (at least 1TB of traffic per months donated to TOR), reducing the effort related to ISP complain and trying to do my best to run the exit-node with a reasonable liability.

Encrypted mobile to landline phone calls with Asterisk 1.8

We just released a technical howto on how to build up Secured mobile to landline VoIP infrastructure with:

In next weeks others howto like this one will come out by using other server platforms such as FreeSWITCH, all in the spirit of transparency and leverage of opensource security technologies.

PrivateGSM: Blackberry/iPhone/Nokia mobile voice encryption with ZRTP or SRTP/SDES

I absolutely avoid to use my own personal blog to make promotion of any kind of product.

That time it’s not different, but i want to tell you facts about products i work on without fancy marketing, but staying technical.

Today, at PrivateWave where i am CTO and co-founder, we released publicly mobile VoIP encryption products for Blackberry, iPhone and Nokia:

  • The 1st ever Blackberry encrypted VoIP with ZRTP - PrivateGSM VoIP Professional
  • The 1st ever iPhone encrypted VoIP with ZRTP - PrivateGSM VoIP Professional
  • The 1st ever Blackberry encrypted VoIP client with SRTP with SDES key exchange over SIP/TLS - PrivateGSM VoIP Enterprise


At PrivateWave we use a different approach respect to most voice encryption company out there, read our approach to security .

The relevance of this products in the technology and industry landscape can be summarized as follow:

  • It’s the first voice encryption company using only standards security protocols (and we expect the market will react, as it’s clear that proprietary tech coming from the heritage of CSD cannot provide same value)
  • It’s the first approach in voice encryption to use only open source & standard encryption engine
  • It’s the first voice encryption approach to provide different security model using different technologies (end-to-end for ZRTP and end-to-site for SRTP)

Those suite of Mobile Secure Clients, designed for professional security use only using best telecommunication and security technologies, provide a high degree of protection along with good performance also in bad network conditions:

The applications are:


The supported mobile devices are:

Regarding ZRTP we decided to stress and stretch all the security and paranoid feature of the protocol with some little addition:

Our strict address book integration, goes beyond ZRTP RFC specification, that could be vulnerable to certain attacks when used on mobile phones because of user behavior of not to look at mobile screen.

Our paranoy way of using ZRTP mitigate such conditions, we will write about this later and/or will add specific details for RFC inclusion.

Some words on PrivateGSM Professional with end-to-end encryption with ZRTP

Read technical sheet there!

To download it click here and just put your phone number

Those are the results of hard work of all my very skilled staff (16 persons worked on this 6 projects for 3 different platforms) on challenging technologies (voice encryption) in a difficult operating environment (dirty mobile networks and dirty mobile operating systems) for more than 2 years.

I am very proud of our staff!

What next?

In next weeks you will see releasing of major set of documentations such as integration with asterisks, freeswitch and other Security Enabled PBX, along with some exciting other security technology news that i am sure will be noticed ;)

It has been an hard work and more have to be done but i am confident that the security and opensource community will like such products and our transparent approach also with open important releases and open source integration that make a very politically neutral (backdoor free) technology.

A couple of nice VPN provider

There are a lot of reason why one would need to access internet trough a VPN.

For example if you live in a country blocking certain contents (like anti-local-government website, porn, etc) and/or protocols (like skype, voip) you would probably want to move your internet connectivity outside the nasty blocking country by using encrypted VPN tunnels.

I evaluated several hosted VPN server and a couple of them sounds quite good among the widespread offering of such services:


Exit to the internet from Switzerland.

Cost 6 CHF / months

Optional public fixed IP address

Useful if you need:

  • Just bypass local country filters with good high bandwidth
  • Expose public services trough the VPN with the optional fixed public IP address.


Exit to the internet by choosing among 20 different countries (each time you connect).

Useful if you need to do:

  • business intelligence on competitor (appearing to come from country X when connecting them)
  • see film/telefilm allowed only from national IP web spaces
  • see google results among different countries

Not every elliptic curve is the same: trough on ECC security

My own ECC curve security and selection analysis


Most modern crypto use Elliptic Curve Cryptographic (ECC) that, with a smaller key size and reduce computation power, give equivalent security strength of traditional crypto system known as DH (Diffie-Hellman) or RSA (Rivest, Shamir and Adleman) .

Not everyone knows that ECC encryption is selected for any future encryption applications and that even TLS/SSL (encryption used for securing the web) is moving to ECC.

I found plenty of so called “proprietary encryption products” which abandoned RSA and DH to goes with ECC alternatives, that tend to arbitrary use ECC bit key size without even specifying which kind of ECC crypto get used.

However there is a lot of confusion around Elliptic Curves, with a lot of different names and key size making difficult for a non-cryptographically-experienced-user to make your own figure when evaluating some crypto stuff.

Because of so diffused confusion i decided to make my own analysis to find out which are the best ECC encryption curves and right ECC key size to use.

This analysis would like to provide a security industry based choice among various curves and key sizes, leaving the mathematical and crypto analytical considerations that has been already been done during the years, summarizing the various choices taken in several standards and security protocols.

First the conclusion.

From my analysis only the following ECC curves are to be considered for use in encryption systems because are the only one selected among different authorities (ANSI, NSA, SAG, NIST, ECC BrainPool), different security protocol standards (IPSec, OpenPGP, ZRTP, Kerberos, SSL/TLS) and the only one matching NSA Suite B security requirements (de-facto standard also for NATO military environment):

  • Elliptic Prime Curve 256 bit - P-256
  • Elliptic Prime Curve 384 bit - P-384

with optional, just for really paranoid that want to get more key size bit, still not considered useful:

  • Elliptic Prime Curve 521 bit - P-521

I would like to state that Koblitz curves should be avoided, in any key size (163 / 283 / 409 / 571) as they does not have enough warranty on crypto analytic activity and effectively they are:

  • Not part of NSA Suite-B cryptography selection
  • Not part of ECC Brainpool selection
  • Not part of ANSI X9.62 selection
  • Not part of OpenPGP ECC extension selection
  • Not part of Kerberos extension for ECC curve selection

I invite the reader to follow trough my analysis to understand the fundamentals that could be understood even without deep technical background but at least with a good technological background a some basic bit of cryptography.

Here we go with the analysis


My goal is to make an analysis on what/how the open scientific and security community choose ECC crypto system for usage in security protocols and standards defined by IETF RFC (the ones who define Internet Standards in a open and peer-reviewed way).

Below a set of RFC introducing ECC into existing system that get analyzed to understand what’s better to use and what’s better to exclude:

  • RFC5639: ECC Brainpool Standard Curves & Curve Generation
  • RFC4869: NSA Suite B Cryptographic Suites for IPsec
  • RFC5430: NSA Suite B profile for Transport Layer Security (TLS)
  • RFC5008: NSA Suite B in in Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • RFC3766: Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
  • RFC5349: Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
  • RFC4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
  • ZRTP voice encryption by Philip Zimmermann ECC curve
  • ECC in OpenPGP (draft draft-jivsov-openpgp-ecc-06)
  • ECC Curves selected by Microsoft for Smartcard Kerberos login

We will use the choice made by scientist defining Internet Security Protocols to make part of our evaluation.
Additionally it must be understood that the Curve selection comes from different authorities that made their own selection of Curves in order to tell to the industry what to use and what to skip:

We will use the choice made by scientist defining security requirements in the standardization agencies to make part of our evaluation.
Additionally, something that most people does not know, but that it’s extremely relevant to our analysis, is that there are different kind of ECC curve cryptography and their “size” it’s different depending on the kind of curve:

  • ECC Curves over Prime Field (often referred as Elliptic Curve and represented by P-keysize)
  • ECC Curves over Binary Field (often referred as Koblitz Curve and represented by K-keysize)

Given a security strength equivalence the Elliptic Curve and the Kobliz Curve have different key size, for example when we read ECC 571 we are referring to Koblitz Curve with an equivalent strength to ECC 521 Prime curve.

A comparison of strength between Elliptic Curves and Kotbliz Curves is reported below (from Mikey ECC internet Draft):

| Koblitz |  ECC  |  DH/DSA/RSA
|   163   |  192  |     1024
|   283   |  256  |     3072
|   409   |  384  |     7680
|   571   |  521  |    15360

Below there’s a comparison of all selected curves by all the various entities and their respective name (from IETF RFC4492 for ECC usage for TLS) :

Curve names chosen by different standards organizations
SECG        |  ANSI X9.62   |  NIST
sect163k1   |               |   NIST K-163
sect163r1   |               |
sect163r2   |               |   NIST B-163
sect193r1   |               |
sect193r2   |               |
sect233k1   |               |   NIST K-233
sect233r1   |               |   NIST B-233
sect239k1   |               |
sect283k1   |               |   NIST K-283
sect283r1   |               |   NIST B-283
sect409k1   |               |   NIST K-409
sect409r1   |               |   NIST B-409
sect571k1   |               |   NIST K-571
sect571r1   |               |   NIST B-571
secp160k1   |               |
secp160r1   |               |
secp160r2   |               |
secp192k1   |               |
secp192r1   |  prime192v1   |   NIST P-192
secp224k1   |               |
secp224r1   |               |   NIST P-224
secp256k1   |               |
secp256r1   |  prime256v1   |   NIST P-256
secp384r1   |               |   NIST P-384
secp521r1   |               |   NIST P-521

What immediately appear is that there are only two curves selected by all authorities, and that there is a general dumping of koblitz curves by ANSI.The only commonly agreed among the 3 authorities are the following two ECC curve:

  • secp192r1 / prime192v1 / NIST P-192
  • secp256r1 / prime256v1 / NIST P-256

Of those selection of ECC curve for TLS the RFC5430 skipped completely koblitz curves and selected for usage only:

  • P-256, P-384, P-521

The ECC Brainpool skipped completely Koblitz curves and selected for usage the following ECC Curves:

  • P-160, P-192, P-224, P-256, P-320, P-384, P-512 (that’s the only particular because it’s not P-521 but P-512, the only key-size referred by ECC brainpool. Tnx Ian Simons from Athena SCS)

The OpenPGP internet draft for ECC usage in PGP draft-jivsov-openpgp-ecc-06 skipped completely Koblitz curves and selected the following ECC curves

  • P-256, P-384, P-521

The Kerberos protocol extension for ECC use, defined in RFC5349 and defined by Microsoft for smartcard logon skipped completely Koblitz curves and selected the following ECC curves:

  • P-256, P-384, P-521

So, sounds clear that the right selection of ECC is for P-256, P-384 and P-521 while the Koblitz curve have been skipped for Top Secret use and for any security sensitive protocol (IPSec, OpenPGP, ZRTP, Kerberos, SSL/TLS).

Why i made this analysis?

I have done this analysis following a discussion i had regarding certain voice encryption products, all based on custom and proprietary protocols, that are all using Elliptic Curve Diffie Hellman 571 bit / ECDH 571 / 571-bit ECDH / Koblitz 571 bits .
All them are using the K-571 that, as described before, has been removed from all security sensitive environment and protocols and being myself a designer of voice encryption stuff i think that their cryptographic choice is absolutely not the best security choice.
Probably it has been done just for marketing purpose, because K-571 (Koblitz curve) seems stronger than P-521 (Elliptic curve based on Prime number). If you have “more bit” your marketing guys can claim to be “more secure”. Koblitz elliptic curve are faster than the top secret enabled prime elliptic curve and so give the product manager a chance to provide “more bit” in it’s own product while keeping the key exchange fast.

It’s a matter of philosophical choice.

I prefer to follow the trend of scientific community with the humility of not to considering myself a cryptographic expert, knowledgable more than the overall security and scientific community itself.

I prefer instead to use only algorithms that are approved for use in highly sensitive environments (top secret classification), that have been selected by all the authorities and working group analyzing encryption algorithms existing out-there and that represent the choice of almost all standard security protocols (IPSec, OpenPGP, ZRTP, Kerberos, SSL/TLS, etc).
I prefer to count the amount of brains working on the crypto i use, that check that’s really secure, that evaluate whether there’s some weakness.

The number of brais working on Crypto widely diffused are of order of magnitude more than the number of brains working on crypto used by just few people (like Koblitz curve).
So i am not demonizing who use ECDH 571 using Koblitz Curve, but for sure i can affirm that they did not taken the best choice in terms of security and that any security professionals doing a security benchmarking would consider the fact that Elliptic Curve Diffie Hellman 571 bit done with Koblitz Curve is not widely diffused, it’s dumped from standard security protocols and it’s not certified for top secret use.

ESSOR, European Secure Software Defined Radio (SDR)

I had a look at European Defense Agency website and found the ESSOR project, a working project funded for 106mln EUR to develop strategic defense communication products based on new Software Defined Radio approach.

SDR approach is a revolutionary system that’s completely changing the way scientist and industry is approach any kind of wireless technology.

Basically instead of burning hardware chip that implement most of the radio frequency protocols and techniques, they are pushed in “software” to specialized radio hardware that can work on a lot of different frequency, acting as radio interface for a lot of different radio protocols.

For example the USRP (Universal Software Radio Peripheral) from Ettus Research that cost 1000-2000USD fully loaded, trough the opensource GnuRadio framework, have seen opensource implementation of:

And a lot more protocols and transmission technologies.

That kind of new approach to Radio Transmission System is destinated to change the way radio system are implemented, giving new capability such as to upgrade the “radio protocol itself” in software in order to provide “radio protocol” improvements.

In the short terms we have also seen very strong security research using SDR technologies such as the GSM cracking and the Bluetooth Sniffing.

We can expect that other technologies, weak by design but protected by the restriction to hardware devices to hack the low level protocols, will be soon get hacked. In the first list i would really like to see the hacking of TETRA, a technology born with closed mindset and secret encryption algorithms, something i really dislike ;-)

Voice communication security workshop


i made a talk about voice communication security technologies at University of Trento following an interesting information exchange with Crypto Lab managed Professor Massimiliano Sala .

I suggest interested people to read it, especially the second part, as there is an innovative categorization of the various voice encryption technologies that get used in several sectors.

I tried to explain and get out from this widely fragmented technological sector by providing a wide overview on technologies that usually are absolutely unrelated one-each-other but practically they all apply to voice encryption following that categorization:

  • Mobile TLC Industry voice encryption standards
  • Government and Military voice encryption standards
  • Public safety voice encryption standards
  • IETF voice encryption standards
  • Misc proprietary voice encryption technologies

It’s a huge slideware, 122 slides, i suggest to go reading the 2nd part skipping interception technologies overview already covered by my presentation of 2009.

Voice communication security

Especially i like the concept of Chocolate grade encryption that want to provide some innovation on the Snake Oil Encryption concept.

But i need to get more in depth about the Chocolate grade encryption context, will probably do before end-of-year by providing an applied course on understanding and evaluating practically the real security context of various voice encryption technologies.

27C3 - CCC Congress CFP: We come in peace

We come in peace


We come in peace, said the conquerers of the New World.

We come in peace, says the government, when it comes to colonise, regulate, and militarise the new digital world.

We come in peace, say the nation-state sized companies that have set out to monetise the net and chain the users to their shiny new devices.

We come in peace, we say as hackers, geeks and nerds, when we set out towards the real world and try to change it, because it has intruded into our natural habitat, the cyberspace…

Call for paper for participation to 27C3 CCC congress is open, and i never saw a so exciting payoff :-)

See you on 30 December 2010 in Berlin!

GSM cracking in penetration test methodologies (OSSTMM) ?

As most of this blog reader already know, in past years there was a lot of activities related to public research for GSM auditing and cracking.

However when there was huge media coverage to GSM cracking research results, the tools to make the cracking was really early stage and still very inefficient.

Now Frank Stevenson , norwegian cryptanalyst that already broke the Content Scrambling System of DVD video disc, participating to the A51 cracking project started by Karsten Nohl, released Kraken , a new improved version of the A51 cracking system.

It’s interesting to notice that WiFi cracking had a similar story, as the first WiFi wep cracking discovery was quite slow in earlier techniques but later Korek, an hacker working on cracking code, improve the attack system drammatically.

That’s the story of security research cooperation, you start a research, someone follow it and improve it, some other follow it and improved it and at the end you get the result.

Read more on the Kraken GSM Cracking software release.

And stay tuned as next week at Blackhat Conference Karsten Nohl will explain the details of the required hardware setup and detailed instructions on how to do it :-)

I would really like to see those tools incorporated into Penetration Testing Linux Distribution BackTrack with OSSTMM methodology enforcing the testing of GSM interception and man in the middle :-)

If things proceed that way and Ettus Research (The producer of USRP2 software radio used for low cost GSM signal receiving) will not be taken down, we can still see this.

Snake-oil security claims on crypto security product

Security market grow, more companies goes to the market, but how many of them are taking seriously what they do?

You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of threat model your product protect.

A typical problem of product’s security features is represented by the inability of the user to evaluate the security claims of the product itself.

So there’s a lot companies doing a not-so-ethical marketing of security features, based on the facts that no user will be able to evaluate it.

The previously explained situation reside in the security topic of Snake Oil Encryption, an evolution in the scientific cryptographic environment that let us today use best of breed information protection technologies without having to worry too much about backdoors or insecurities.

Let’s speak about Snake Oil Encryption

Snake Oil Cryptography : In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. Many cryptographers, such as Bruce Schneier and Phil Zimmermann, undertake to educate the public in how secure cryptography is done, as well as highlighting the misleading marketing of some cryptographic products.

The most referenced crypto security guru, Philip Zimmermann and Bruce Schneier, was the 1st to talk about Snake Oil Encryption:

Snake Oil by Philip Zimmermann

Snake Oil by Bruce Schneier

The Michigan Telecommunications and Technology Law Review also made a very good analysis related to the Security Features of Security Products, SNAKE-OIL SECURITY CLAIMS” THE SYSTEMATIC MISREPRESENTATION OF PRODUCT SECURITY . They explain about the nasty marketing tricks used to tweak users inability to evaluate the security features, including economic and legal responsibility implication.

Several snake oil security product companies does not explain and are not clear about the threat model to which the product apply. Very famous is the sentence of Russ Nelson:

“Remember, crypto without a threat model is like cookies without milk. ….. Cryptography without a threat model is like motherhood without apple pie. Can’t say that enough times. More generally, security without a threat model is by definition going to fail.”

So, how to spot snake oil security products?

Check a guideline of to spot Snake Oil Encryption Products: Snake Oil Warning Signs, Encryption Software to Avoid by Matt Curtin .

You can see this very good Cryptographic Snake Oil Examples by Emility Ratliff (IBM Architect at Linux Security), that tried to make clear example on how to spot Cryptographic Snake Oil.

Here represented the basic guideline from Matt Curtin paper:

By checking that points it’s possible to evaluate how serious an encryption technology or product is.

But all in all how to fix that unethical security approach?

It’s very significative and it would be really useful for each kind of security product category to make some strongly and independent evaluation guideline (like OSSTMM for Penetration testing) , to make this security evaluation process really in the hands of the user.

It would be also very nice to have someone making analysis and evaluation of security product companies, publishing reports about Snake Oil signs.

Web2.0 privacy leak in Mobile apps

You know that web2.0 world it’s plenty of leak of any kind (profiling, profiling, profiling) related to Privacy and users starts being concerned about it.

Users continuously download applications without knowing the details of what they do, for example iFart just because are cool, are fun and sometime are useful.

On mobile phones users install from 1000% up to 10.000% more applications than on a PC, and those apps may contain malware or other unexpected functionalities.

Recently infobyte analyzed ubertwitter client and discovered that the client was leaking and sending to their server many personal and sensitive data such as:

- Blackberry PIN

- Phone Number

- Email Address

- Geographic positioning information

Read about UbertTwitter ‘spyware’ features discovery here by infoByte .

It’s plenty of applications leaking private and sensitive information but just nobody have a look at it.

Should mandatory data retention and privacy policies became part of application development and submission guideline for mobile application?

Imho a users must not only be warned about the application capabilities and API usage but also what will do with which kind of information it’s going to handle inside the mobile phone.

Capabilities means authorizing the application to use a certain functionalities, for example to use GeoLocation API, but what the application will do and to who will provide such information once the user have authorized it?

That’s a security profiling level that mobile phone manufacturer does not provide and they should, because it focus on the information and not on the application authorization/permission respect to the usage of device capabilities.

p.s. yes! ok! I agree! This kind of post would require 3-4 pages long discussion as the topic is hot and quite articulated but it’s saturday morning and i gotta go!

AES algorithm selected for use in space

I encountered a nice paper regarding analysis and consideration on which encryption algorithm it’s best suited for use in the space by space ship and equipments.

The paper has been done by the Consultative Committee for Space Data Systems that’s a consortium of all space agency around that cumulatively handled more than 400 mission to space.


Read the paper Encryption Algorithm Trade Survey as it gives interesting consideration and comparison between different encryption algorithms.

Obviously the finally selected algorithm is AES, while KASUMI (used in UMTS networks) was avoided.

Blackberry Security and Encryption: Devil or Angel?

Blackberry have good and bad reputation regarding his security capability, depending from which angle you look at it.

This post it’s a summarized set of information to let the reader the get picture, without taking much a position as RIM and Blackberry can be considered, depending on the point of view, an extremely secure platform or an extremely dangerous one .


Let’s goes on.

On one side Blackberry it’s a platform plenty of encryption features, security features everywhere, device encrypted (with custom crypto), communication encrypted (with custom proprietary protocols such as IPPP), very good Advanced Security Settings, Encryption framework from Certicom (now owned by RIM).

On the other side they does not provide only a device but an overlay access network, called BIS (Blackberry Internet Service), that’s a global worldwide wide area network where your blackberry enter while you browse or checkmail using AP.

When you, or an application, use the APN you are not just connecting to the internet with the carrier internet connection, but you are entering inside the RIM network that will proxy and act as a gateway to reach the internet.

The very same happen when you have a corporate use: Both the BB device and the corporate BES connect to the RIM network that act as a sort of vpn concentration network.

So basically all the communications cross trough RIM service infrastructure in encrypted format with a set proprietary encryption and communication protocols.

Just as a notice, think that google to provide gtalk over APN, made an agreement in order to offer service inside the BB network to the BB users. When you install gtalk you get added 3 service books that point to GTALKNA01 that’s the name of GTALK gateway inside the RIM network to allow intra-BIS communication and act as a GTALK gateway to the internet.

The mobile operators usually are not even allowed to inspect the traffic between the Blackberry device and the Blackberry Network.

So RIM and Blackberry are somehow unique for their approach as they provide a platform, a network and a service all bundled together and you cannot just “get the device and the software” but the user and the corporate are always bound and connected to the service network.

That’s good and that’s bad, because it means that RIM provide extremely good security features and capabilities to protect information, device and access to information at various level against third party.

But it’s always difficult to estimate the threat and risk related to RIM itself and who could make political pressure against RIM.

Please consider that i am not saying “RIM is looking at your data” but making an objective risk analysis: for how the platform is done RIM have authority on the device, on the information on-the-device and on the information that cross the network. (Read my Mobile Security Slides).

For example let’s consider the very same context for Nokia phones.

Once the Nokia device is sold, Nokia does not have authority on the device, nor on the information on-the-device nor on the information that cross the network. But it’s also true that Nokia just provide the device and does not provide the value added services such as the Enterprise integration (The RIM VPN tunnel), the BIS access network and all the local and remote security provisioned features that Blackberry provide.

So it’s a matter of considering the risk context in the proper way when choosing the platform, with an example very similar to choosing Microsoft Exchange Server (on your own service) or whether getting a SaaS service like Google Apps.

In both case you need to trust the provider, but in first example you need to trust Microsoft that does not put a backdoor on the software while in the 2nd example you need to trust Google, as a platform and service provider, that does not access your information.

So it’s a different paradigm to be evaluated depending on your threat model.

If your threat model let you consider RIM as a trusted third party service provider (much like google) than it’s ok. If you have a very high risk context, like top-secret one, then let’s consider and evaluate carefully whether it’s not better to keep the Blackberry services fully isolated from the device or use another system without interaction with manufacturer servers and services.

Now, let’s get back to some research and some facts about blackberry and blackberry security itself.

First of all several governments had to deal with RIM in order to force them to provide access to the information that cross their service networks while other decided to directly ban Blackberry usage for high officials because of servers located in UK and USA, while other decided to install their own backdoors.

There’s a lot of discussion when the topics are RIM Blackberry and Governments for various reasons.

Below a set of official Security related information on RIM blackberry platform:

And here a set of unofficial Security and Hacking related information on RIM Blackberry platform:

Because it’s 23.32 (GMT+1), i am tired, i think that this post will end up here.

I hope to have provided the reader a set of useful information and consideration to go more in depth in analyzing and considering the overall blackberry security (in the good and in the bad, it always depends on your threat model!).


Fabio Pietrosanti (naif)

p.s. i am managing security technology development (voice encryption tech) on Blackberry platform, and i can tell you that from the development point of view it’s absolutely better than Nokia in terms of compatibility and speed of development, but use only RIMOS 5.0+ !

Botnet for RSA cracking?

I read an interesting article about putting 1.000.000 computers, given the chance for a serious botnet owner to get it, to crack RSA.

The result is that in such context attacking an RSA 1024bit key would take only 28 years, compared to theoretical 19 billion of years.

Reading of this article, is extremely interesting because it gives our very important consideration on the cryptography strength respect to the computation power required to carry on cracking attempt, along with industry approach to “default security level”.

I would say a must read.

Patent rights and opensource: can they co-exist?

How many of you had to deal with patented technologies?

How many of the patented technologies you dealed with was also “secrets” in their implementation?

Well, there’s a set of technologies whose implementation is open source (copyright) but that are patented (intellectual property right).

A very nice paper about the topic opensource & patents that i suggest to read is from Fenwick & West and can be downloaded here (pdf).

China Encryption Regulations

Hi all,

i found this very interesting paper on China Encryption Import/Export/Domestic Regulations done by Baker&Mckenzie in the US.

It’s strongly business and regulatory oriented giving a very well done view on how china regulations works and how it may behave in future.

Read here Decrypting China Encryption’s Regulations (form Bakernet website) .

Mobile Security talk at WHYMCA conference

I want to share some slides i used to talk about mobile security at whymca mobile conference in Milan.

Read here my slides on mobile security .

The slides provide a wide an in-depth overview of mobile security related matters, i should be doing some slidecast about it putting also audio. Maybe will do, maybe not, it depends on time that’s always a insufficient resource.

iPhone PIN: useless encryption

I recently switched one of my multiple mobile phones with which i go around to iPhone.

I am particularly concerned about data protection in case of theft and so started having a look around about the iPhone provided protection system.

There is an interesting set of iPhone Business Security Features that make me think that iPhone is moving in the right path for security protection of the phone, but still a lot of things has to be done, especially for serious Enterprise and Government users.


For example it turned out that the iPhone PIN protection is useless and it can be broken just plugging the iPhone to a Linux machine and accessing the device like a USB stick.

That’s something disturbing my paranoid mindset that make me think not to use sensitive data on my iPhone if i cannot protect my data.

Probably an iPhone independent disk encryption product would be very useful in order to let the market create protection schemas that fit the different risk contexts that different users may have.

Probably a general consumer is not worried about this PIN vulnerability but for me, working within highly confidential envirnonment such as intelligence, finance and military, it’s something that i cannot accept.

I need strong disk encryption on my mobile phone.

I do strong voice encryption for it, but it would be really nice to have also something to protect the whole iPhone data and not just phone calls.

Exploit code against SecurStar DriveCrypt published

It seems that the hacking community somehow like to target securstar products, maybe because hacking community doesn’t like the often revealed unethical approach already previously described in this blog by articles and user’s comments.

In 2004 a lot of accusation against Hafner of SecurStar went out because of alleged intellectual property theft regarding opensource codes such as Encryption 4 the masses and legal advert also against the Free and opensource TrueCrypt project .

In 2008 there was a pre-boot authentication hacking against DriveCrypt Plus posted on Full-Disclosure.

Early 2010 it was the time of the fake infosecurity research secretly sponsored by securstar at (that now they tried to remove from the web because of embarrassing situation, but backup of the story are available, hacking community still wait for apologies) .

Now, mid 2010, following a research published in December 2009 about Disk Encryption software vulnerabilities made by Neil Kettle (mu-b), Security researcher at digit-labs and Penetration tester at Convergent Network Solutions , DriveCrypt was found to be vulnerable and exploitable breaking on-device security of the system and exploit code has been just released.

Exploit code reported below (thanks Neil for the code release!):

  • Arbitrary kernel code execution security exploit of DriveCrypt: drivecrypt-dcr.c
  • Arbitrary file reading/writing security exploit via unchecked user-definable parameters to ZxCreateFile/ReadFile/WriteFile: drivecrypt-fopen.c

The exploit code has been tested against DriveCrypt 5.3, currently released DriveCrypt 5.4 is reported to be vulnerable too as it has just minor changes related to win7 compatibility. Can anyone make a double check and report a comment here?

Very good job Neil!

In the meantime the Free Truecrypt is probably the preferred choice for disk encryption, given the fact that it’s difficult to trust DriveCrypt, PGP has been acquired by Symantec and there are very bad rumors about the trust that people have in Symantec and there are not many widely available alternatives.

Rumors say that also PhoneCrypt binaries are getting analyzed and the proprietary encryption system could reveal something fun…

Quantum cryptography broken

Quantum cryptography it’s something very challenging, encryption methods that leverage the law of phisycs to secure communications over fiber lines.

To oversimplify the system is based on the fact that if someone cut the fiber, put a tap in the middle, and joint together the other side of the fiber, the amount of “errors” that will be on the communications path will be higher than 20% .

So if QBER (Quantum Bit Error Rate) goes above 20% then it’s assumed that the system is intercepted.

Researcher at university of toronto was able to cheat the system with a staying below the 20%, at 19.7% , thus tweaking the threshold used by the system to consider the communication channel secure vs compromised.

The product found vulnerable is called Cerberis Layer2 and produced by the Swiss ID Quantique.

Some possibile approach to detect the attack has been provided but probably, imho, such kind of systems does not have to be considered 100% reliable until the technology will be mature enough.

Traditional encryption has to be used together till several years, eventually bundled with quantum encryption whether applicable.

When we will see a quantum encryption systems on an RFC like we have seen for ZRTP, PGP and SSL ?


great point of view

Because security of a cryptographic system it’s not a matter of “how many bits do i use” but using the right approach to do the right thing to mitigate the defined security risk in the most balanced way.


Encryption is not scrambling: be aware of scrambler!

Most of us know about voice scrambler that can be used across almost any kind of voice based communication technology.

Extremely flexible approach: works everything

Extreme performance: very low latency

but unfortunately…

Extremely weak: Scrambling cannot be considered secure.

Only encryption can be considered secure under the Kerckoff’s principle .

So please don’t even consider any kind of analog scrambler if you need real security.

Read deeply the paper Implementation of a real-time voice encryption system” by Markus Brandau, especially the cryptoanalysis paragraph.

SecurStar GmbH Phonecrypt answers on the Infosecurityguard/Notrax case: absolutely unreasonable! :-)

UPDATE 20.04.2010: has been disabled. Notrax identity became known to several guys in the voice security environments (cannot tell, but you can imagine, i was right!) and so our friends decided to trow away the website because of legal responsibility under UK and USA laws.

UPDATE: Nice summary of the whole story (i know, it’s long and complicated to read at 1st time) on SIPVicious VoIP security blog by Sandro Gauci.

Following my discoveries, Mr. Hafner, SecurStar chief exec, tried to ultimately defend their actions, citing absolutely unreasonable excuses to The Reg instead of publicly apologizing for what they have done: creating a fake independent security research to promote their PhoneCrypt product.

He tried to convince us that the person behind IP, used by the author of and pointing to their office DSL line, was this hacker Notrax, using their anonymous surfing service and not one of their employees at their office:

“SecurStar chief exec Wilfried Hafner denied any contact with Notrax. Notrax, he said, must have been using his firm’s anonymous browsing service, SurfSolo, to produce the results reported by Pietrosanti”

Let’s reflect a moment on this sentence… Would really an hacker looking for anonymity spend 64 EUR to buy their anonymity surfing service called surfsolo instead of using the free and much more secure TOR (the onion router)?Then let’s reflect on this other piece of information:

  • The IP is SecurStar GmbH’s office DSL line
  • On they have installed their VoIP/Asterisk PBX and internet gateway
  • They promote their anonymous proxy service for “Anonymous p2p use” ( Who would let users do p2p from the office dsl line where they have installed their corporate VoIP PBX ? If you do VoIP you can’t let third party flood your line w/ p2p traffic, your phone calls would became obviously unreliable (yes, yes, you can do QoS, but you would not place an anonymous navigation proxy on your company office DSL line…).
  • Which company providing an anonymous navigation service would ever use their own office IP address? Just think how many times you would have the police knocking at your door and your employees as the prime suspects. (In past i used to run a TOR node, i know the risks…). Also think how many times you would find yourself blacklisted on google as a spyware bot.
  • Mr. Hafner also says “We have two million people using this product. Or he may have been an old customer of ours”. 2M users on a DSL line, really?
  • I don’t use Surfsolo service, however their proxies are probably these ones: - -

Frankly speaking I can easily understand that Mr. Hafner is going do whatever he can to protect his company from the scandal, but the “anonymous proxy” excuse is at the very least suspicious.

How does the fact that the “independent research” was semantically a product review of PhoneCrypt, along with the discovery that the author come from the SecurStar GmbH IP address offices, along with the anonymity of this Notrax guy (SecurStar calls him a “well known it security professional” in their press release..) sound to you?

It’s possible that earth will get an attack from outer space that’s going to destroy our life?

Statistically extremely difficult, but yes, possible. More or less like the “anonymous proxy” story told by Mr. Hafner to cover the fact that they are the ones behind the fake “independent security review”.

Hey, I don’t need anything else to convince myself or to let the smart person have his own thoughts on this.

I just think that the best way for SecurStar to get out of this mess would probably be to provide public excuses to the hacking community for abusing the name and reputation of real independent security researches, for the sake of a marketing stunt.


Fabio Pietrosanti

p.s. I am currently waiting for some other infos that will more precisely confirm that what Mr. Hafner is saying is not properly true. Stay tuned.

About the SecurStar GmbH Phonecrypt voice encryption analysis (criteria, errors and different results)

This article want to clarify and better explain the finding at regaring voice encryption product evaluation.
This article want to tell you a different point of view other than and explaining which are the rational with extensive explaination from security point of view.
Today i read news saying: “PhoneCrypt: Basic Vulnerability Found in 12 out of 15 Voice Encryption Products and went to read the website infosecurityguard.

Initially it appeared to my like a great research activity but then i started reading deeply the read about it.I found that it’s not properly a security research but there is are concrete elements that’s a marketing campaign well done in order to attract public media and publicize a product.
Imho they was able to cheat journalists and users because the marketing campaign was absolutely well done not to be discovered on 1st read attempt. I personally considered it like a valid one on 1st ready (they cheated me initially!).

But if you go deeply… you will understand that:
- it’s a camouflage marketing initiative arranged by SecurStar GmbH and not a independent security research
- they consider a only security context where local device has been compromised (no software can be secured in that case, like saying SSL can be compromised if you have a trojan!)
- they do not consider any basic security and cryptographic security criteria

However a lot of important website reported it:

This article is quite long, if you read it you will understand better what’s going on around research and research result.

I want to to tell you why and how (imho) they are wrong.

The research missed to consider Security, Cryptography and Transparency!

Well, all this research sound much like being focused on the marketing goal to say that their PhoneCrypt product is the “super” product best of all the other ones.
Any security expert that would have as duty the “software evaluation” in order to protect the confidentiality of phone calls will evaluate other different characteristics of the product and the technology.

Yes, it’s true that most of the product described by SecurStar in their anonymous marketing website called have some weakness.
But the relevant weakness are others and PhoneCrypt unfortunately, like most of the described products suffer from this.
Let’s review which characteristics are needed basic cryptography and security requirement (the best practice, the foundation and the basics!)

a - Security Trough Obscurity does not work

A basic rule in cryptography cames from 1883 by Auguste Kerckhoffs:

In a well-designed cryptographic system, only the key needs to be secret; there should be no secrecy in the algorithm.
Modern cryptographers have embraced this principle, calling anything else “security by obscurity.”
Read what Bruce Schneir, recognized expert and cryptographer in the world say about this
Any security expert will tell you that’s true. Even a novice university student will tell you that’s true. Simply because that’s the only way to do cryptography.
Almost all product described in the review by SecurStar GmbH, include PhoneCrypt, does not provide precise details about their cryptographic technologies.
Precise details are:
  • Detailed specification of cryptographic algorithm (that’s not just saying “we use AES“)
  • Detailed specification of cryptographic protocol (that’s not just saying “we use Diffie Hellman” )
  • Detailed specification of measuring the cryptographic strenght (that’s not just saying “we have 10000000 bit key size“)

Providing precise details means having extensive documentation with theoretical and practical implications documenting ANY single way of how the algorithm works, how the protocol works with precise specification to replicate it for interoperability testing.
It means that scientific community should be able to play with the technology, audit it, hack it.
If we don’t know anything about the cryptographic system in details, how can we know which are the weakness and strength points?

Mike Fratto, Site editor of Network Computing, made a great article on “Saying NO to proprietary cryptographic systems” .
Cerias Purdue University tell this.

b - NON peer reviewed and NON scientifically approved Cryptography does not work

In any case and in any condition you do cryptography you need to be sure that someone else will check, review, analyze, distruct and reconstract from scratch your technology and provide those information free to the public for open discussion.
That’s exactly how AES was born and like US National Institute of Standard make crypto does (with public contest with public peer review where only the best evaluated win).
A public discussion with a public contest where the a lot of review by most famous and expert cryptographer in the world, hackers (with their name,surname and face, not like Notrax) provide their contribution, tell what they thinks.
That’s called “peer review”.

If a cryptographic technology has an extended and important peer review, distributed in the world coming from universities, private security companies, military institutions, hackers and all coming from different part of the world (from USA to Europe to Russia to South America to Middle east to China) and all of them agree that a specific technology it’s secure…
Well, in that case we can consider the technology secure because a lot of entities with good reputation and authority coming from a lot of different place in the world have publicly reviewed, analyzed and confirmed that a technology it’s secure.

How a private company can even think to invent on it’s own a secure communication protocol when it’s scientifically stated that it’s not possible to do it in a “proprietary and closed way” ?
IBM tell you that peer review it’s required for cryptography.
Bruce Schneier tell you that “Good cryptographers know that nothing substitutes for extensive peer review and years of analysis.”
Philip Zimmermann will tell you to beware of Snake Oil where the story is: “Every software engineer fancies himself a cryptographer, which has led to the proliferation of really bad crypto software.”

c - Closed source cryptography does not work

As you know any kind of “serious” and with “good reputation” cryptographic technology is implemented in opensource.
There are usually multiple implementation of the same cryptographic algorithm and cryptographic protocol to be able to review all the way it works and certify the interoperability.
Supposing to use a standard with precise and extended details on “how it works”, that has been “peer reviewed” by the scientific community BUT that has been re-implemented from scratch by a not so smart programmer and the implementation it’s plenty of bugs.

Well, if the implementation is “opensource” this means that it can be reviewed, improved, tested, audited and the end user will certaintly have in it’s own had a piece of technology “that works safely” .

Google release opensource crypto toolkit
Mozilla release opensource crypto toolkit
Bruce Schneier tell you that Cryptography must be opensource.

Another cryptographic point of view

I don’t want to convince anyone but just provide facts related to science, related to cryptography and security in order to reduce the effect of misinformation done by security companies whose only goes is to sell you something and not to do something that make the world a better.

When you do secure products, if they are not done following the proper approach people could die.
It’s absolutely something irresponsible not to use best practice to do crypto stuff.

To summarize let’s review the review from a security best pratice point of view.

Product name Security Trough Obscurity Public peer review Open Source Compromise locally?
Caspertec Obscurity No public review Closed Yes
CellCrypt Obscurity
No public review
Cryptophone Transparency Limited public review Public Yes
Gold-Lock Obscurity
No public review
Illix Obscurity
No public review
No1.BC Obscurity No public review
PhoneCrypt Obscurity
No public review
Rode&Swarz Obscurity
No public review
Secure-Voice Obscurity
No public review
SecuSmart Obscurity
No public review
SecVoice Obscurity
No public review
SegureGSM Obscurity
No public review
SnapCell Obscurity
No public review
Tripleton Obscurity
No public review
Zfone Transparency Public review
Open Yes
ZRTP Transparency Public review
Open Yes

*Green means that it match basic requirement for a cryptographic secure system

* Red / Broken means that it does not match basic requirement for a cryptographic secure system
That’s my analysis using a evaluation method based on cryptographic and security parameters not including the local compromise context that i consider useless.

However, to be clear, those are only basic parameters to be used when considering a voice encryption product (just to avoid being in a situation that appears like i am promoting other products). So it may absolutely possible that a product with good crypto (transparency, peer reviewed and opensource) is absolutely a not secure product because of whatever reason (badly written, not usable causing user not to use it and use cleartext calls, politically compromised, etc, etc).
I think i will prepare a broader criteria for voice crypto technologies and voice crypto products, so it would be much easier and much practical to have a full transparent set of criterias to evaluate it.

But those are really the basis of security to be matched for a good voice encryption system!
Read some useful past slides on security protocols used in voice encryption systems (2nd part).

Now read below some more practical doubt about their research.

The security concept of the review is misleading: any hacked device can be always intercepted!


Now they are pointing out that also Zfone from Philip Zimmermann is broken (a pc software), just because they install a trojan on a PC like in a mobile phone?
Any security software rely on the fact that the underlying operating system is somehow trusted and preserve the integrity of the environment where the software run.

  • If you have a disk encryption system but your PC if infected by a trojan, the computer is already compromised.
  • If you have a voice encryption system but your PC is infected by a trojan, the computer is already compromised.
  • If you have a voice encryption system but your mobile phone is infected by a trojan, the mobile phone is already compromised.

No matter which software you are running, in such case the security of your operating environment is compromised and in one way or another way all the information integrity and confidentiality is compromised.

Like i explained above how to intercept PhoneCrypt.

The only things that can protect you from this threat is running in a closed operating system with Trust Computing capability, implementing it properly.
For sure on any “Open” operating system such us Windows, Windows Mobile, Linux, iPhone or Android there’s no chance to really protect a software.
On difficult operating system such as Symbian OS or RimOS maybe the running software can be protected (at least partially)

That’s the reason for which the security concept that guys are leveraging to carry on their marketing campaign has no clue.
It’s just because they control the environment, they know Flexispy software and so they adjusted their software not to be interceptable when Flexispy is installed.
If you develop a trojan with the other techniques i described above you will 100% intercept PhoneCrypt.

On that subject also Dustin Tammel, Security researcher of BreakPoint Systems, pointed on on VoIP Security Alliance mailing lists that the security analysis is based on wrong concepts.

The PhoneCrypt can be intercepted: it’s just that they don’t wanted to tell you!

PhoneCrypt can be intercepted with “on device spyware”.
Because Windows Mobile is an unsecure operating environment and PhoneCrypt runs on Windows Mobile.
Windows Mobile does not use Trusted Computing and so any software can do anything.
The platform choice for a secure telephony system is important.
I quickly discussed with some knowledgeable windows mobile hackers about 2 different way to intercept PhoneCrypt with an on-device spyware (given the unsecure Windows Mobile Platform).

a) Inject a malicious DLL into the software and intercept from within the Phonecrypt itself.
In Windows Mobile any software can be subject to DLL code injection.
What an attacker can do is to inject into the PhoneCrypt software (or any software running on the phone), hooking the Audio related functions acting as a “function proxy” between the PhoneCrypt and the real API to record/play audio.
It’s a matter of “hooking” only 2 functions, the one that record and the one that play audio.
Read the official Microsoft documentation on how to do DLL injection on Windows Mobile processes. or forum discussing the technique of injecting DLL on windows mobile processes.
That’s simple, any programmer will tell you to do so.
They simply decided that’s better not to make any notice about this.
b) Create a new audio driver that simply act as a proxy to the real one and intercept PhoneCrypt
In Windows Mobile you can create new Audio Drivers and new Audio Filters.
What an attacker can do is to load a new audio driver that does not do anything else than passing the real audio driver function TO/FROM the realone. In the meantime intercept everything recorded and everything played :-)
Here there is an example on how to do Audio driver for Windows Mobile .
Here a software that implement what i explain here for Windows “Virtual Audio Cable” .
The very same concept apply to Windows Mobile. Check the book “Mobile Malware Attack and Defense” at that link explaining techniques to play with those techniques.
They simply decided that’s better not to make any notice to that way of intercepting phone call on PhoneCrypt .
Those are just 2 quick ideas, more can be probably done.

Sounds much like a marketing activity - Not a security research.

I have to tell you. I analyzed the issue very carefully and on most aspects. All this things about the voice encryption analisys sounds to me like a marketing campaign of SecurStar GmbH to sell PhoneCrypt and gain reputation. A well articulated and well prepared campaign to attract the media saying, in an indirect way cheating the media, that PhoneCrypt is the only one secure. You see the press releases of SecurStar and of the “Security researcher Notrax telling that PhoneCrypt is the only secure product” . SecurStar PhoneCrypt is the only product the anonymous hacker “Notrax” consider secure of the “software solutions”.
The only “software version” in competition with:

- SnapCell - No one can buy it. A security company that does not even had anymore a webpage. The company does not almost exist anymore.
- rohde-schawarz - A company that have in his list price and old outdated hardware secure phone . No one would buy it, it’s not good for genera use.

Does it sounds strange that only those other products are considered secure along with PhoneCrypt .

Also… let’s check the kind of multimedia content in the different reviews available of Gold-Lock, Cellcrypt and Phonecrypt in order to understand how much the marketing guys pressed to make the PhoneCrypt review the most attractive:

Application Screenshots of application Video with demonstration of interception Network demonstration
PhoneCrypt 5 0 1
CellCrypt 0 2 0
GoldLock 1 2 0

It’s clear that PhoneCrypt is reviewed showing more features explicitly shown and major security features product description than the other.

Too much difference between them, should we suspect it’s a marketing tips?

But again other strange things analyzing the way it was done…
If it was “an impartial and neutral review” we should see good and bad things on all the products right?

Ok, see the table below regarding the opinion indicated in each paragraph of the different reviews available of Gold-Lock, CellCrypt and Phonecrypt (are the only available) to see if are positive or negative.

Application Number of paragraphs Positive paragraphs Negative paragraphs Neutral paragraphs
PhoneCrypt 9 9 0 0
CellCrypt 12 0 10 2
GoldLock 9 0 8 1

Detailed paragraphs opinion analysis of Phonecrypt
Paragraph of review Opinion expressed
From their website Positive Marketing feedback
Apple iPhone Positive Marketing feedback
Disk Encryption or voice Encryption Positive Marketing feedback
PBX Compatibility? Really Positive Marketing feedback
Cracking <10. Not. Positive Marketing feedback
Good thinking! Positive Marketing feedback
A little network action Positive Marketing feedback
UI Positive Marketing feedback
Good Taste Positive Marketing feedback
Detailed paragraphs opinion analysis of Gold-Lock 3G
Paragraph of review Opinion expressed
From their website Negative Marketing feedback
Licensed by The israeli Ministry of Denfese Negative Marketing feedback
Real Company or Part Time hobby Negative Marketing feedback
16.000 bit authentication Negative Marketing feedback
DH 256 Negative Marketing feedback
Downad & Installation! Neutral Marketing feedback
Cracking it <10 Negative Marketing feedback
Marketing BS101 Negative Marketing feedback
Cool video stuff Negative Marketing feedback
Detailed paragraphs opinion analysis of CellCrypt
Paragraph of review Opinion expressed
From their website Neutral Marketing feedback
A little background about cellcrypt Negative Marketing feedback
Master of Marketing Negative Marketing feedback
Secure Voice calling Negative Marketing feedback
Who’s buying their wares Negative Marketing feedback
Downad & Installation! Neutral Marketing feedback
My Demo environment Negative Marketing feedback
Did they forget some code Negative Marketing feedback
Cracking it <5 Negative Marketing feedback
Room Monitoring w/ FlexiSpy Negative Marketing feedback
Cellcrypt unique features.. Negative Marketing feedback
Plain old interception Negative Marketing feedback
The Haters out there Negative Marketing feedback

Now it’s clear that from their point of view on PhoneCrypt there is no single bad point while the other are always described in a negative way.
No single good point. Strange?
All those considerations along with the next ones really let me think that’s very probably a marketing review and not an independent review.

Other similar marketing attempt from SecurStar

SecurStar GmbH is known to have used in past marketing activity leveraging this kind of “technical speculations”, abusing of partial information and fake unconfirmed hacking stuff to make marketing/media coverage.
Imho a rare mix of unfairness in leveraging the difficult for people to really understand the complexity of security and cryptography.

They already used in past Marketing activities like the one about creating a trojan for Windows Mobile and saying that their software is secure from the trojan that they wrote.
Read about their marketing tricks of 2007

They developed a Trojan (RexSpy) for Windows Mobile, made a demonstration capability of the trojan and later on told that they included “Anti-Trojan” capability to their PhoneCrypt software.They never released informations on that trojan, not even proved that it exists.

The researcher Collin Mulliner told at that time that it sounds like a marketing tips (also because he was not able to get from SecurStar CEO Hafner any information about that trojan):

“This makes you wonder if this is just a marketing thing.”

Now, let’s try to make some logical reassignment.
It’s part of the way they do marketing, an very unfriendly and unpolite approach with customers, journalist and users trying to provide wrong security concepts for a market advantage. Being sure that who read don’t have all the skills to do in depth security evaluation and find the truth behind their marketing trips.

Who is the hacker notrax?

It sounds like a camouflage of a fake identity required to have an “independent hacker” that make an “independent review” that is more strong on reputation building.
Read about his bio:

¾ Human, ¼ Android (Well that would be cool at least.) I am just an enthusiast of pretty much anything that talks binary and if it has a RS232 port even better. During the day I masquerade as an engineer working on some pretty cool projects at times, but mostly I do the fun stuff at night. I have been thinking of starting an official blog for about 4.5 years to share some of the things I come across, can’t figure out, or just cross my mind. Due to my day job and my nighttime meddling, I will update this when I can. I hope some find it useful, if you don’t, well you don’t.

There are no information about this guy on google.
Almost any hacker that get public have articles online, post in mailing archive and/or forum or some result of their activity.
For notrax, nothing is available.

Additionally let’s look at the domain…
The domain is privacy protected by domainsbyproxy to prevent understanding who is the owner.
The domain has been created 2 months ago on 01-Dec-09 on registrar.

What’s also very interesting to notice that this “unknown hacker with no trace on google about him that appeared on December 2009 on the net” is referred on SecurStar GmbH Press Release as a “An IT security expert”.

Maybe they “know personally” who’s this anonymous notrax? :)

Am i following my own conspiracy thinking or maybe there’s some reasonable doubt that everything was arrange in that funny way just for a marketing activity?

Social consideration

If you are a security company you job have also a social aspects, you should also work to make the world a better place (sure to make business but “not being evil”). You cannot cheat the skills of the end users in evaluating security making fake misleading information.

You should do awareness on end users, to make them more conscious of security issues, giving them the tools to understand and decide themselves.

Hope you had fun reading this article and you made your own consideration about this.

Fabio Pietrosanti (naif)

p.s. Those are my personal professional opinion, let’s speak about technology and security, not marketing.
p.p.s. i am not that smart in web writing, so sorry for how the text is formatted and how the flow of the article is unstructured!

O3B Networks: a new satellite broadband approach

That’s something amazing, “other 3 billion” broadband coverage not trough fiber but trough satellite.

A project where also google is one of the shareholder, covering 3 billion persons trough low orbit, low latency broadband (10GBit) satellite network.

Check here technical infrastructure details on ITU website.

Location Based Services: the big brother thanks you ;-)

Do you use your iphone, google phone, blackberry or nokia smartphone with cool built-in GPS?

Well law enforcement can now know even better where you are, at any time, even with historical data and much better than BTS based location systems.

Sprint has given 8 million times customer’s GPS information to law enforcement (sound something like a semi-automatic request).

Read here.

Nice extract is:

Sprint Nextel provided law enforcement agencies with its customers’ (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.

The informations was provided at wiretapping and interception industry conference ISS WASH in Washingtown.

If you want see directly the video:

Sprint: 50 million customers, 8 million law enforcement GPS requests in 1 year from Christopher Soghoian on Vimeo.

Then you know that “big brother” is watching you only because you let him to watch you.

This is big business, this is the American way

43 years old “UFO eccentric” hacker Gary McKinnon just loses appeal against his extradition to the States for computer crimes he committed 7 years ago.

If you’ve lived under a rock during the last few years what this dude did was basically break into .gov computers looking for UFO related material.

Probably the last case of recreational hacking I’ve heard about.

So his case is obviously going to be a classical “Strike one to educate one hundred” kind of message to every hacker attacking american computer systems: we can reach you everywhere you live and have you extradited to our country where we will sentence you to life in prison.

Unless you are a multi millionaire cyber criminal living in Russia or a chinese spy, of course.

Iphone jailbreaking crashing towers? FUD!

It’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers:

By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data,”

So fun, as the Baseband Processor interface of iPhone is precisely the same of Google android and all Windows Mobile powered devices:

Basically the operating system use AT commands (do you remember old hayes modem commands?) with additional parameters documented and standardized by 3GPP that let more deep (but not that much deep) interaction with the mobile networks.

Please note that those AT commands are standard and widely available on all phones and are the interface to the Baseband Processor.

On iPhone that’s the list of commands that an from apple point of view could let “a international hacker to crash the tower software” :

Undocumented commands on iPhone

Damn, those European anarchist of Nokia are providing publicly also their AT command sets, and are AVAILABLE TO ANYONE:

Nokia AT Commands

Oh jesus! Also the terrorist oriented Microsoft corporation let third party to use AT commands:

Windows Mobile AT Commands

It’s absolutely unacceptable that also RIM, canadian funky against USA, provide access to AT commands:

Blackberry AT commands

And it’s unbelivable to see that Google Android also document how the system speak to the Baseband Processor and find on forums that it’s ease to access it:

Google Android Basedband Processor

Not to speak to ALL other mobile manufactuer that use the very same approach and let any party to speak via AT commands to the baseband processor of the phone.

Is the baseband processor of iphone buggy and the AT&T tower software buggy so that it’s dangerous to let the user make experiment with it?

Probably yes, and so those are only excuse because the software involved are not robust enough.

Apple, be careful, you have the trust of your users because you are apple you always have done things for the user advantages.

Users does like telephone companies that are huge lobbies that try to restrict and control users as much as possible.

If you, Apple, start behaving like a phone company users will not trust you anymore.

Be careful with FUD statements.

Nokia World in Stuttgard 2-3 September

Everyone who’s business is directly connected to mobile, aggregators, operators and generally speaking mobility application should really attend Nokia World where most of the world key people in the mobile business .

It’s extremely interesting to see the evolution of the business models related to the Application Portals, how the mobile operators are changing their approach to the market, the increasing of value added services related to mobile industry.

And the most important things is, the mobile operators will be able to became financial operators to really provide mobile payment systems integrated into any day digital life?

And if this will happen, how the manufacturer and operating system provider will play this game?

Saas: is the end of the myth?

Saas business models growth a lot during the past few years and i personally appreciate it.

No software to be installed, configured, maintained, service available when you needed with a early adoption time and most important reduction (or apparent reduction) of the total costs of ownership.

I had few experience with SaaS business (as a customer) and i have to say that the following Gartner Group analysis on SaaS businesses imho tell you the truth only for half of statements:

  • There is always a partial integration issue (not all systems are so flexible to really integrate into your business like you would like)
  • There is often a lacks of the technical requirements needed by the specific business case
  • I DO NOT agree that there is a barrier in the costs, as SaaS usually let you start spending only a few. However it’s true that while doing the deployment you should be more conservative in the usage of features and items (es: I am using for my company a hosted VoIP PBX system, we pay for each extension we add. We don’t have test extension or extensions that are not strictly needed because it costs. When we had an internal VoIP PBX system, we was plenty of test extension. This slightly increase some complexity in maintenance and deployment, even if the total cost of maintenance is a lot lower than an internal system to be managed.

So we can assume that Saas it’s for most but not for all, especially if the need of customizations for the very specific business needs are relevant.

An in depth analysis and testing has to be carried on, in order to discover all the limits of the solution, on functionalities and pricing, to really discover if the specific solution fit the business need.

Mobile platform hacking: worms and botnet from phones?

The hacking community is finally starting seriously auditing and hacking Symbian OS, even if it’s difficult, hard to work on, unpleasant to debug it .

There are so many mobile operating systems (Symbian OS, Nokia S40, Windows Mobile, RIM OS, Mac OS X, Android/Linux, Brew) that a worm/virus being able to leverage a cross-platform vulnerability it’s just a theory.

Trusted computing platforms, security model of J2ME Java only phones (like RIM and S40), digital signature everywhere are all tools that make massive hacking on mobile platform really difficult.

It’s difficult and costly to develop on mobile platforms, it’s difficult and costly too doing hacking on that platforms.

Still look at a very nice achievement of paper from SEC Consult called Pwning Nokia phones (and other Symbian based smartphones) .

Can we expect future worms or botnet on mobile? I don’t expect so, too many different OS with hard-to-beat security model.

And even if a worm would be able to penetrate a single mobile paltform bugs, mobile operators would be able to block it very quickly (compare how many GSM/UMTS operator exists compared to Internet Service Provider?).

The real goal of online marketing: lead generation

Often i discuss about online marketing, however it include the mysterious “marketing” magic word that’s tipically subject to misunderstanding and misconception .

The end goal of online marketing is to generate qualified leads coming from international markets.

Some interesting links about it, and how things should be properly done are below:

I would really like to see an effective leverage of online techniques and tools as the main interface and providers of information, the main pre-sales agent of the company explaining almost everything required to get back a qualified lead.

How the various audio compression codec sounds?

You know, we would not be able to use VoIP and have cheap international phone calls without audio compression codecs.

It’s plenty of them, some royalty free, some patented by telco’s lobby (think that some patented and royalty-based codec it’s also a standard, where all market player have to pay the most aggressive one that acquired the patent while defining the standards).

However, there is a nice collection from vocal, to understand how they sounds.

Voice Security and Privacy slides

Below my slides on voice security and privacy from Security Summit 2009.

mmm, yes i am working in this area from 2005, will write again about it.