Researcher Finds Majority of Phone Voice Encryption Apps Exploitable: However, Most of Us Need Not Worry

I have to admit that I was very concerned when I read this item…

MobileMag.com: Voice encryption for mobile phones cracked: 12 out of 15 methods deemed insecure

…which references this original research blog item…

InfosecurityGuard.com: Voice Encryption: 9 out of 10 Products are Worthless (Technical Description)

I still have a healthy level of concern but not as much as I did before I actually read Notrax’s (the security researcher’s pseudonym) article. Here’s why: Notrax tested third party phone encryption apps. These apps are used by people who have a serious need to keep their voice calls confidential. If you are one of these people, you really should read Notrax’s article because it is likely your security app is not working as well as you might have thought. However, for the vast majority of us, this is a cautionary tale. And, here’s something else about about these encrypted voice call exploits: It requires physical access to the target phone and the installation of a piece of software. Here’s an item from FAQ of the software Notrax used to perform the phone tests:

FlexiSpy Knowledgebase
3.2 Can I install FlexiSPY remotely?

No.

You need to have the phone physically in your hand for about 15 minutes. Installation is simple. You simply open up a web page on the mobile and enter your code to download. The install begins automatically and setting the options is simple. You can also change the settings and control some aspects of the phone itself, with secret remote SMS commands.

Planting this phone spyware on an iPhone is even more problematic because it requires jailbreaking the iPhone before installing FlexiSpy using the Cydia utility.