Key secure telephony applications wide open

Key core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann have some important security flaws.

Writing in his blog Mark Dowd of Azimuth Security said there are some problems with the GNU ZRTPCPP library.

Apparently the flaws have already have been addressed in a new version of the library and Silent Circle has implemented a fix too, but it requires people to update their software, smartish.

ZRTPCPP is a library that implements the ZRTP protocol that Zimmermann and others developed to establish secure sessions over a pre-existing connection.

Silent Circle is a cryptographically secure mobile phone application, and several other products implement the ZRTPCPP library.

The three holes will mean that an attacker has the ability to get remote code execution. Dowd said that the bugs can be exploited by remote, unauthenticated users. We guess he means the NSA.