These are exactly the kind of attacks the encrypted voice communication solution protect against. Notrax’s approach was clever and an effective attack on the solutions themselves but that’s not what the solution protects against. I am not saying they’re unhackable, everything is ultimately. Encryption doesn’t protect anything by making it impossible to get only unfeasible because of the time requirement after all.

John, two hours or realtime is basically the same; I wouldn’t feel secure if data I wanted to protect was secure for a mere two hours for sure. This means that if one divulges confidential information on a mobile phone he would definitely need an extra layer of security such as further encrypting that call and obviously protecting the physical security of his mobile phone as best as possible.

German cryptographer Karsten Nohl, who led a group of researchers who announced in December that they’d cracked the encryption code for GSM, which is used by 80 percent of all the world’s cellphones, says that the cipher used to encrypt GSM conversations hasn’t been changed in 21 years. That’s just too long.

Just two weeks after Nohl’s crew cracked GSM’s encryption, a team of cryptographers at Israel’s Weizmann Institute of Science divulged a process for decrypting transmissions sent over newer 3G networks, which is supposed to be more secure than GSM. Since the method requires two hours on a single PC to perform, so it can’t be used to listen in on real time cell phone calls–yet–but it’s only a matter of time.

and the link to the project page http://reflextor.com/trac/a51

I totally agree with you about physical security, once it’s lost there are no real countermeasures. You can take the recent hack of a TPM device, which was quite unthinkable. (http://windowsteamblog.com/blogs/windowssecurity/archive/2010/02/10/black-hat-tpm-hack-and-bitlocker.aspx)

Best regards.

Leandro
http://Blogs.prisma.cc/leandro