VoIP's ease of use is a double-edged sword. Traffic can be intercepted from long distances because the wiretapper doesn't have to be close. In contrast, according to Zimmermann, the public phone system is somewhat secure. "Someone has to climb a phone pole and physically tap in," says Zimmermann Phil Zimmermann created Zfone. There have been encryption products introduced for VoIP, but they traditionally rely on a third party to verify the identities and keys of the caller and receiver. With Zimmermann's new application, you won't need a third party to verify the key. Each party generates a key pair and read off a three digit representation to the other side. If everything sounds acceptable, both parties click on the "Go Secure" button. He demonstrated this app to the crowds at the annual Black Hat and Defcon conferences, with mixed results. Using a soft phone on his Apple laptop, he attempted to call his friend in a remote location. The first demonstration at Black Hat worked great, but Zimmermann's second demonstration at Defcon, didn't do as well. At the beginning of the talk, the call would not connect, and ironically his friend called Zimmermann on a normal cell phone. According to Jon Callas, PGP Corporation's CTO, the problem could have been due to port blocking on the Defcon network. Later in the hour, some router settings were changed, and Zimmermann's demonstration worked. The prototype program works now and companies have looked at the protocol under NDA. Zimmermann will be releasing the program for free, but will also offer a commercial version. In addition, the source code will be released. More information can be obtained at Zimmermann's personal website, philzimmermann.com. Zimmermann's thinks it is important for other hackers to look at the code and he felt right at home speaking at Defcon. Voice over IP (also called VoIP, IP Telephony, Internet telephony, and has also been branded Digital Phone) is the routing of voice conversations over the Internet or any other IP network. The voice data flows over a general-purpose packet-switched network, instead of the traditional dedicated, circuit-switched voice transmission lines. Protocols used to carry voice signals over the IP network are commonly referred to as Voice over IP or VoIP protocols. Voice over IP traffic may be deployed on any IP network, including ones lacking an Internet connection, for instance on a private building-wide LAN. |