Brainfoldb4u's Blog

Just another weblog

Voice Encryption

Posted by brainfoldb4u on January 28, 2010

Voice Encryption, almost more than 65% of worlds population uses mobile phone and mobile phone business is in multi million dollars.   We use mobile phone to even book online tickets using Credit card number, personal details and so many occasions we tend to have one or few of these details as our password just to keep it simple. As a general user we assume our telephone conversations are secure and no one else hearing out conversation other than the person we are speaking to.Law enforcement agencies can tap your call but they wont do it unless it is very necessary .

But the reality is any one with basic technical skills and financially motivated.

Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon ) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater.  Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.

It’s indeed becomes essential for us to know the ways to secure at least understand the risk of the potential exploit. I saw this article with  technical explanation containing how secure the voice encryption products are..  According to

I knew if I was able to compromise the security I just had to decide if it was as, less or more effective than breaking the encryption and which method was the most efficient. Unfortunately for almost all of  solutions they failed and I was able to simply compromise their security, intercept a phone call in real-time bypassing the entire encryption. The really surprising element was, how extremely simple it is.

All of the products have basic system requirements (i.e. OS, data connection etc) Well, they also all depend on the spoken voice being fed into the microphone.  This is the basic concept of some of the commercial wiretapping tools available on the market, so I thought I would take the same approach.
At what point does the software begin to encrypt the voice input and audio output ? So lets capture it before that happens.   This way I do not have to bother or worry about what encryption algorithms or key exchanges are being used, it really becomes a non issue.

To read more about the technical voice encryptions click here

Lack of voice encryption opens world of attack opportunities with readily available wiretapping utility, costing as little as $100, as well as his own ‘homemade’ Trojan, Notrax was able to bypass the encryption and eavesdrop by capturing conversations from the microphone and speaker in real time. By suppressing any rings, notifications or call logs, these attacks go completely undetected. And while Trojans can be installed manually by someone with access to the phone, they could equally be delivered via email, SMS or a mobile application.

List of Software solutions available with their tested status

The list of tested solutions includes:

  • Caspertec (Software) – Intercepted / insecure
  • CellCrypt (Software) – Intercepted / insecure
  • Cryptophone (Hardware) – Intercepted / insecure
  • Gold-Lock (Software) – Intercepted / insecure
  • Illix (Software) – Intercepted / insecure
  • No1.BC (Hardware SD-Card) – Intercepted / insecure
  • PhoneCrypt (Software) – Secure
  • Rode&Swarz (Hardware Bluetooth) – Secure
  • Secure-Voice (Software) – Intercepted / insecure
  • SecuSmart (Hardware SD-Card) – Intercepted / insecure
  • SecVoice (Software) – Intercepted / insecure
  • SegureGSM (Software) – Intercepted / insicure
  • SnapCell (Hardware) – Secure
  • Tripleton (Hardware) – Still Under Review
  • Zfone (Software) – Intercepted / insecure
  • ZRTP (Software) – Intercepted / insicure.

Phone Crypt,  and Rode&Swarz are two products considered secure and i can find product reviews on


Phone Crypt is an innovative solution based in military grade encryption (RSA 4096 bits and AES 256 bits), the same technology used by FBI and CIA, which effectively protects your landline, mobile and PBX phones from access of intruders. IT also protects against trojan horse.

PhoneCrypt Features

• RSA 4096 bit & AES 256 bit Encryption;
• Diffie-Helman (DH) Key Exchange;
• MD5 & SHA512 Hash for voice integrity;
• Protection Agents detects, alerts and defends against attacks;
• Excelent voice quality;
• Easy to use and intuitive interface for users – the user doesn’t need knowledge in security or technology;
• Voice encryption, immediate and automatic message, without any need of interaction from the user;
• The software uses internet connectivity through 3G, UMTS, HSPA, W-CDMA, EDGE, GPRS and WiFi to data transmission;
• Completely safe –  no secure data it is saved in the device at any time;
• No user intervention is required in security procedures;
• Less requirement use for processor (less than150 MHz);
• Works in devices with Windows Mobile systems without modify or inhibit any other function;
• Encrypt communication in landline and mobile phones;
• Advanced detector of phone calls;
• Superior voice quality (QOS).

To get an detail technical insight of phonecrypt, click here

I urge you to read the interesting article/demo from to gain more understanding on voice encryption products.

Some recent news development about Cell Phone Security:

2 Responses to “Voice Encryption”

  1. The review does not consider the cryptographic strength.

    Of all the product reviewed no one use opensource cryptography and no one use standard cryptography.
    All them use “proprietary”, “closed”, “unknown” cryptographic system.

    All are using only “proprietary”, closed and supposed to be backdoorred encryption system with:
    – 0 transparency on cryptographic protocol (no one guarantee that’s secure or does not contain backdoors)
    – 0 transparency on cryptographic implementation (no one guarantee that the proprietary cryptographic protocol implementation is secure).

    Only the usage of ZRTP based secure solutions could be considered secure because match the criteria of transparency for the cryptographic protocol and their implementation.

    Unfortunately all the others cannot be considered “secure” as cryptographic require transparency.

    Fabio Pietrosanti

  2. Antonio Fracchetti said

    “…Only the usage of ZRTP based secure solutions could be considered secure because match the criteria of transparency for the cryptographic protocol and their implementation.

    Unfortunately all the others cannot be considered “secure” as cryptographic require transparency.

    Fabio Pietrosanti”

    This post is funny… 🙂
    Incidentally the poster :”Fabio Pietrosanti” is the company who sells this product …. Using this blog for making self advertising is really bad thing and this does not put good light to your products.

Leave a Reply to Fabio Pietrosanti Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: