[h323implementers] NSA H.323 surveilance

Jan Willamowius jan at willamowius.de
Fri Mar 14 09:08:13 EDT 2014


right now nobody is even using TLS. Decrypting H.323 currently is
like taking candy from a baby.

While TLS can and should be improved, simply starting to use it would
considerably raise the bar for any eavesdropper.

The transitive trust model means I have to trust my and my partners
gatekeeper. But thats still a lot better than exposing all my secrets
to everybody like we currently do.
This is not the fault of the ITU specs which specify that implementers
must encrypt the key negotiation. Its the fault of vendors failing to
implement them correctly.


Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan at willamowius.de
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584

Paul E. Jones wrote:
> Jan,
> There is no doubt that we need to improve security.  Most of the H.323 
> and SIP networks follow a transitive trust model.  That wouldn't be so 
> bad, except there appear to be multiple weaknesses with TLS 
> certificates.
> Are they able to compromise a certificate without creating a bogus 
> certificate?  Or are they using bogus certificates?  (The latter is 
> actually trivial for them to do.  Most people would never recognize that 
> a bogus certificate was employed.)
> Both H.323, SIP, and the forthcoming H.325, we need to take additional 
> steps to fight against MiTM attacks.  It's likely impossible to remove 
> the transitive trust element, though.
> Paul
> ------ Original Message ------
> From: "Jan Willamowius" <jan at willamowius.de>
> To: "openh323gk-users at lists.sourceforge.net" 
> <openh323gk-users at lists.sourceforge.net>
> Cc: h323implementers at lists.packetizer.com
> Sent: 3/13/2014 12:04:18 PM
> Subject: [h323implementers] NSA H.323 surveilance
> >Hi,
> >
> >The Intercept just published a few very interesting slides how the NSA
> >intercepts H.323 (and SIP and Skype) VoIP traffic:
> >
> >https://firstlook.org/theintercept/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/
> >
> >Notice how the HAMMERSTEIN component on page 4 "processes" the call
> >signaling as man-in-the-middle. This would pretty much match the attack
> >I have been warning about previously when I wrote "Why your AES
> >encryption might be worth nothing".
> >
> >http://www.gnugk.org/h323-encryption.html
> >
> >Another interesting fact seems to be that they targeted H.323 and SIP
> >before taking on Skype (bottom of page 2).
> >
> >Regards,
> >Jan

More information about the h323implementers mailing list