Saturday, October 22, 2011

The German virus and the snom m9

In Germany there was recently a major scandal about the “Bundestrojaner”. This was a Trojan horse programmed by a consultant company to infect the PCs of gangsters. Fortunately or unfortunately the CCC (Chaos Computer Club) found the thing and disassembled it, showing shockingly simple APIs to control it, and they even published the key used to encrypt the data. It was a major uproar and even the parliament had to deal with the question of how this all could happen. Everyone was quick to mention that everything was within the scope of law and order and that everything was under control.

However, this leaves a lot of questions open. In short, every program that you install, knowingly or not, is a leap of faith. Let’s go quickly through my checklist for Trojan horses:

· It has access to the file system and/or to other interesting resources like the microphone or camera. This is what the guys are after.

· It has access to the network, opens the firewall and keeps that connection open for a long time. This makes it easier to receive commands, for example instant messages with text content that is displayed on the screen, or remote commands to read the file system and send the results back as instant messages.

· It may use an encrypted protocol to send the data, so no one can figure out what exactly is being sent. Ideally it uses an encryption protocol that is not publicly known.

· It registers the user in a public location, so that someone who wants to get access to it does not have to search where the laptop is right now.

· It has this irresistible reason to use it, for example “I can make free phone calls with all my friends now”.

This frankly reads like the feature list of any softphone. If you install that free softphone from Kudingingrad and ever wondered how these guys make money: well, the answer is they might make money with your data. For example, give that banker on Wall Street a free softphone (greedy as these guys are, he probably can’t resist the “for free” temptation) and start speculating in the stock market with the extra information you get directly from the source. From time to time, you can even set the price!

So let’s say snom is an evil company and wants to get all your data, using the snom m9. The problem starts with the first point on the checklist. How can the phone get access to any useful data? That’s a challenge; maybe it is able to get access to the LDAP directory and upload that to the spy server. It could turn on the microphone and send all the data to that evil server in the former headquarters of the Stasi in East Berlin. However, users might complain that the battery standby time really goes down significantly after the last upgrade… Because there is no video, seeing what is going on in the room is also not an option. The m9 is really a bad platform for stealing information. Sorry, evil snom.

The bottom line is that anything running on your computer or tablet or smartphone or whatever is a leap of faith. If you want to play it safe with networking stuff, just buy some gear that has no access to your data, just like the snom m9 or the other snom desktop phones…


  1. so what you are saying is:
    "if I were evil, I might steal your data and record your conversations. But since I'm not: trust me, trust snom and buy m9!!"

    Correct me if I got it wrong....

  2. The amount of trust you need for the snom m9 is far less than for a soft phone... And just watch the battery.

  3. Trust level needed for an m9 is less than a soft phone, I concede. But there is a charging station and unless you ensure that mic is always off when on the dock, why should I believe you?

  4. The ultimate way to check if the phone is doing anything bad is to look at the Ethernet interface for any unusual activity. Encrypted UDP packets every 20 ms without a call going on to a server that is not your PBX would be suspicious for example.

    Also check your car with handsfree mode operation. Maybe your car manufacturer is also evil and wants to record all the bad words you say when you are stuck in traffic!
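The heuristic in the fourth comment (a steady stream of UDP packets every 20 ms to a host that is not your PBX, with no call going on) can be turned into a small monitor. The script below is an added example, not code from the original post, its comments, or snom; the packet records, the PBX address and the 198.51.100.23 host are constructed, and feeding real packets from a capture on the phone's Ethernet port is assumed rather than shown.

```python
"""Flag RTP-like UDP streams that leave a phone while no call is set up.

Added example for the heuristic in the fourth comment above: periodic UDP
traffic (roughly every 20 ms) to a host other than the PBX, while no call
has been signalled, is suspicious. Packet records are constructed inline;
a real monitor would build them from a capture on the phone's network port.
"""
from collections import defaultdict
from statistics import median

PBX_IP = "10.0.0.5"            # assumed address of the legitimate PBX
SUSPECT_IP = "198.51.100.23"   # constructed unknown host (documentation range)


def build_sample():
    """Constructed traffic: (time_s, proto, dst_ip, dst_port, length_bytes)."""
    pkts = []
    # Harmless SIP keep-alive to the PBX: one tiny packet every 30 seconds.
    for i in range(4):
        pkts.append((i * 30.0, "udp", PBX_IP, 5060, 4))
    # A 20 ms stream of 172-byte packets (typical G.711 RTP size) to an
    # unknown host for two seconds, with no call signalled: the thing to flag.
    for i in range(100):
        pkts.append((10.0 + i * 0.020, "udp", SUSPECT_IP, 40000, 172))
    return sorted(pkts)


def find_suspicious_streams(packets, pbx_ip, active_calls=(),
                            period_s=0.020, tolerance=0.25, min_packets=50):
    """Return (dst_ip, dst_port, packet_count, median_gap_s) for every UDP
    stream that is periodic at about `period_s`, has at least `min_packets`,
    goes somewhere other than the PBX and is not part of an active call.

    `active_calls` holds remote IPs that a SIP INVITE has set up media with;
    in a real monitor it would be filled by parsing the SIP signalling.
    """
    by_flow = defaultdict(list)
    for t, proto, dst, dport, _length in packets:
        if proto == "udp":
            by_flow[(dst, dport)].append(t)

    findings = []
    for (dst, dport), times in by_flow.items():
        # Media to the PBX or to a signalled call peer is expected traffic.
        if dst == pbx_ip or dst in active_calls or len(times) < min_packets:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        med = median(gaps)
        # The median is robust against a few jittered or dropped packets.
        if abs(med - period_s) <= tolerance * period_s:
            findings.append((dst, dport, len(times), med))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_streams(build_sample(), PBX_IP):
        print("suspicious stream:", finding)
```

Pass the set of peers from the current call as `active_calls` so that legitimate direct media (for example, peer-to-peer RTP after a SIP re-INVITE) is not reported; the keep-alive to the PBX is ignored both because it targets the PBX and because it is far too sparse.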

  5. pcap can be pushed at midnight? :) 'Tempest' program was there for a reason...