https://www.computerworld.com/s/article/9240473/Vulnerabilities_found_in_code_library_used_by_encrypted_phone_call_apps
By Lucian Constantin
IDG News Service
July 1, 2013

ZRTPCPP, an open-source library that's used by several applications
offering end-to-end encrypted phone calls, contained three vulnerabilities
that could have enabled arbitrary code execution and denial-of-service
attacks, according to researchers from security firm Azimuth Security.

ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement
protocol for VoIP (voice over IP) communications designed by PGP creator
Phil Zimmermann.

The library is used by secure communications provider Silent Circle in its
Silent Phone app, as well as by other programs that support encrypted
phone calls, including CSipSimple, LinPhone, Twinkle, several client apps
for the Ostel service and "anything using the GNU ccRTP with ZRTP
enabled," said Azimuth Security co-founder Mark Dowd in a blog post on
Thursday.

Following the recent reports about the U.S. National Security Agency's
data collection programs that appear to cover Internet audio
conversations, there's been an increased interest in encrypted
communication services from end users.
[...]