Re: NSA H.323 surveilance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Jan,

Thank you for bringing up the point and I agree that this is indeed worrisome.

I have always had the notion that Skype (now under Microsoft control) is already in the bag. No sense in letting everyone know what you are already the master of.

Considering that the handshakes take place at virtually lightning speed, how is the mere mortal to know if their calls are being diverted via a rogue eavesdropping party? Encryption then serves no real purpose other than a smokescreen to create a false sense of security. Quite possibly the encrypted calls are the ones being monitored more than the non-encrypted calls.

Also, taking into account that they are able to tear open an IPSec tunnel in realtime and look inside is alarming by itself.

Then again, the new wave of WebRTC solutions emerging in my mind could already be designed with the MIM present and waiting. When I first heard about WebRTC and the fact that it supported browser to browser communications, it was exciting. But on closer inspection it is no different from a gatekeeper used in H.323. It also relies on an authentication server somewhere along the line. Only this time, you possibly installed the MIM box into your network.

H.323 at least gives you a sporting chance by allowing you to do a point to point call without the use of a gatekeeper. Please don't get me wrong, I am not dissing the gatekeeper function and I adore gnugk!

A few questions for all to ponder over:

1. What prevents the H.323 devices from being infected by some malware that automatically sends the AES encryption key to an external party for processing at the time of the call setup?

2. When you apply that new firmware on your codec, has it been prepared in such a way to allow for external rogue control of your VC system?

3. Do any commercial codecs have the self checking ability to determine if their firmware has been screwed with?

4. Could you give us an idea of how we can determine if our video calls are subject to intrusions?

5. Do you work for the NSA and are you whistleblowing right now?

Last one was a poke at you to see if you got this far down. :-P

Keep up the good work and please keep us informed.


On 2014/03/13 06:04 PM, Jan Willamowius wrote:

The Intercept just published a few very interesting slides how the NSA
intercepts H.323 (and SIP and Skype) VoIP traffic:

Notice how the HAMMERSTEIN component on page 4 "processes" the call
signaling as man-in-the-middle. This would pretty much match the attack
I have been warning about previously when I wrote "Why your AES
encryption might be worth nothing".

Another interesting fact seems to be that they targeted H.323 and SIP
before taking on Skype (bottom of page 2).


Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux