23C3 - 1.5

23rd Chaos Communication Congress
Who can you trust?

Speakers
Paul Wouters
Leigh Honeywell
Schedule
Day 2
Room Saal 2
Start time 21:45
Duration 01:00
Info
ID 1495
Event type Lecture
Track Hacking
Language English
Feedback

Mobile phone call encryption

Encrypting (GSM) mobile phone calls over VPN with an Asterisk PBX

To encrypt all your mobile phones to protect it from overzealous eavesdroppers, you are currently limited to using special hardware such as the Cryptophone. The disadvantage of cryptophone is that it only works with other cryptophones. To work around this, we turn mobile phones from "voice" phones into VOIP phones. Using the SIP protocol for VOIP and IPsec/L2TP or Openvpn as our VPN, Leigh Honeywell and Paul Wouters connect their mobile phones fully encrypted to an Asterisk PBX server.

The presentation, given by Asterisk expert Leigh Honeywell and VPN expert Paul Wouters will start with a description of the demise of the "old" telecom sector and the end of "voice" conversations. The replacement, Voice Over IP promises a lot of good things, but it comes at a price. Hacking VOIP calls on the internet is much easier. We can no longer trust the security of the telecom infrastructure. Forged caller-ID, charging someone else for your calls, breaking through firewalled networks, or abuse via VOIP services like Google, Jajah, Skype or others. We will demonstrate some of these attacks.

To address these problems, we need to be able to both authenticate and encrypt our calls. The solution presented is build with using Freely available (mostly open source) software and we will explain various aspects and ideas behind our setup and why we choose the various protocols and software packages.

We are currently working with various phones, such as the Linux based GreenPhone, the XDA's and other phones running either Linux or Microsoft Windows PDA phones.

Leigh and Paul will also hold a workshop, where they can go into the deep technical details on how to build your phones and your servers, and where people can try out our phones and secure PBX.