Home page logo
/

isn logo Information Security News mailing list archives

Vulnerabilities found in code library used by encrypted phone call apps
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 2 Jul 2013 05:57:54 +0000 (UTC)

https://www.computerworld.com/s/article/9240473/Vulnerabilities_found_in_code_library_used_by_encrypted_phone_call_apps

By Lucian Constantin
IDG News Service
July 1, 2013

ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.

ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for VoIP (voice over IP) communications designed by PGP creator Phil Zimmermann.

The library is used by secure communications provider Silent Circle in its Silent Phone app, as well as by other programs that support encrypted phone calls, including CSipSimple, LinPhone, Twinkle, several client apps for the Ostel service and "anything using the GNU ccRTP with ZRTP enabled," said Azimuth Security co-founder Mark Dowd in a blog post on Thursday.

Following the recent reports about the U.S. National Security Agency's data collection programs that appear to cover Internet audio conversations, there's been an increased interest into encrypted communication services from end users.

[...]



--
Visit the new and improved InfoSec News website
http://www.infosecnews.org/


  By Date           By Thread  

Current thread:
  • Vulnerabilities found in code library used by encrypted phone call apps InfoSec News (Jul 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault