Hi Jan,
Thank you for bringing up the point and I agree that this is indeed
worrisome.
I have always had the notion that Skype (now under Microsoft control) is
already in the bag. No sense in letting everyone know what you are
already the master of.
Considering that the handshakes take place at virtually lightning speed,
how is the mere mortal to know if their calls are being diverted via a
rogue eavesdropping party? Encryption then serves no real purpose other
than a smokescreen to create a false sense of security. Quite possibly
the encrypted calls are the ones being monitored more than the
non-encrypted calls.
Also, taking into account that they are able to tear open an IPSec
tunnel in realtime and look inside is alarming by itself.
Then again, the new wave of WebRTC solutions emerging in my mind could
already be designed with the MIM present and waiting. When I first heard
about WebRTC and the fact that it supported browser to browser
communications, it was exciting. But on closer inspection it is no
different from a gatekeeper used in H.323. It also relies on an
authentication server somewhere along the line. Only this time, you
possibly installed the MIM box into your network.
H.323 at least gives you a sporting chance by allowing you to do a point
to point call without the use of a gatekeeper. Please don't get me
wrong, I am not dissing the gatekeeper function and I adore gnugk!
A few questions for all to ponder over:
1. What prevents the H.323 devices from being infected by some malware
that automatically sends the AES encryption key to an external party for
processing at the time of the call setup?
2. When you apply that new firmware on your codec, has it been prepared
in such a way to allow for external rogue control of your VC system?
3. Do any commercial codecs have the self checking ability to determine
if their firmware has been screwed with?
4. Could you give us an idea of how we can determine if our video calls
are subject to intrusions?
5. Do you work for the NSA and are you whistleblowing right now?
Last one was a poke at you to see if you got this far down. :-P
Keep up the good work and please keep us informed.
Mike
On 2014/03/13 06:04 PM, Jan Willamowius wrote:
Hi,
The Intercept just published a few very interesting slides how the NSA
intercepts H.323 (and SIP and Skype) VoIP traffic:
https://firstlook.org/theintercept/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/
Notice how the HAMMERSTEIN component on page 4 "processes" the call
signaling as man-in-the-middle. This would pretty much match the attack
I have been warning about previously when I wrote "Why your AES
encryption might be worth nothing".
http://www.gnugk.org/h323-encryption.html
Another interesting fact seems to be that they targeted H.323 and SIP
before taking on Skype (bottom of page 2).
Regards,
Jan
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________________
Posting: mailto:Openh323gk-users@lists.sourceforge.net
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
