Archive for March, 2009

Encrypted Phone Calls

Monday, March 2nd, 2009

This is mostly a note-to-self, so if you don’t have any interest in encrypted VoIP, you might as well go ahead and skip over this blog post.

First, some background information… I had an interesting phone conversation with Adam Panagia, the manager of AT&T’s Global Fraud department. From a conference bridge, we placed an outbound call to his cell phone without passing ANI to see how easy it would be for him to trace the call. He immediately answered and knew who was calling, which was pretty impressive. As it turns out, Adam was already listening to the conference call by sitting on the line of one of the parties on the conference. We know this was the case because after Adam hung up his cell phone and kept speaking in the conference, the “Talking” light on the conference web interface for one of the other parties would illuminate. In other words, Adam was speaking through the phone line of someone else who was on the conference call.

Adam, who works for AT&T can intercept and even speak on behalf of practically any long distance phone call with ease. In this case, he was intercepting a call in real-time that was originating from a Verizon land line. So, the carrier matters not. Obviously he’s not the only one who can do this. It goes without saying that there are likely dozens, if not hundreds, of government employees who can do the same thing.

So, if you’re interested maintaining privacy, you only have two options: Bypass the PSTN altogether or use encryption.

Why not do both?

The software released by the Zfone Project, which was founded by the creator of PGP, is of particular interest to me. Two-party phone calls can easily be accomplished by using Zfone on both ends with a VoIP softphone.

But what about conference calls? That’s a little bit more complicated, but it seems that the ZRTP patch for Asterisk could be used to allow each party to place an encrypted call to an Asterisk box, where a conference could be mixed.

But who wants to be limited to softphones? In theory, you don’t have to be. Sure, a company called TiVi makes software for cell phones that allows you to place encrypted VoIP calls over WiFi, but what about the analog phones everyone is already used to? I have an idea as to how to accomplish this: Get a tiny motherboard like a Mini-ITX or Nano-ITX, which can be had for cheap. Get a $10 voice modem. Install Asterisk with the ZRTP patch, and configure it to use the voice modem as an FXO port… and Bingo! You have a cheap homemade ATA with full encryption support.

I was going to go back and add links for all the acronyms, but since this was a very casual note-to-self, and since I have other work I need to be doing, you’ll just have to Google it if you see something you don’t recognize.