Information Security News mailing list archives
Vulnerabilities found in code library used by encrypted phone call apps
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 2 Jul 2013 05:57:54 +0000 (UTC)
https://www.computerworld.com/s/article/9240473/Vulnerabilities_found_in_code_library_used_by_encrypted_phone_call_apps By Lucian Constantin IDG News Service July 1, 2013ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.
ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann.
The library is used by secure communications provider Silent Circle in its Silent Phone app, as well as by other programs that support encrypted phone calls, including CSipSimple, LinPhone, Twinkle, several client apps for the Ostel service and "anything using the GNU ccRTP with ZRTP enabled," said Azimuth Security co-founder Mark Dowd in a blog post on Thursday.
Following the recent reports about the U.S. National Security Agency's data collection programs that appear to cover Internet audio conversations, there's been an increased interest into encrypted communication services from end users.
[...] -- Visit the new and improved InfoSec News website http://www.infosecnews.org/
Current thread:
- Vulnerabilities found in code library used by encrypted phone call apps InfoSec News (Jul 01)