Crypto phones – whether they are hardware devices or mobile apps – are a great way to assure that your VoIP communications remain private, but the security and privacy they offer depend on users not making mistakes while using them.
“Crypto phones rely upon end users to perform two tasks: (1) checksum comparison: verbally communicating and matching short checksums displayed on users’ devices, and (2) speaker verification: ascertaining that the voice announcing the checksum is the voice of the legitimate user at the other end,” two researchers from the University of Alabama at Birmingham explained in their paper.
Knowing this, you might believe that using crypto phones couldn’t be simpler, and yet…
Maliheh Shirvanian and Nitesh Saxena performed a study involving 128 online participants, and concluded that, all in all, crypto phones offer a significantly weaker level of security than that guaranteed by the underlying SAS (Short Authenticated String) protocols, and that their usability is low, but still acceptable.
“To mimic a realistic VoIP scenario, we conducted our study using the WebRTC platform where each participant made a call to our IVR server via a browser, and was presented with several challenges having matching and mismatching checksums, spoken in the legitimate user’s voice, different speakers’ voices and automatically synthesized voices,” the researchers noted.
The participants were tested with benign and attack scenarios, and with checksums of different lengths. Unexpectedly, a longer checksum – e.g. 4 words instead of 2 – did not lead to better security, as it increased the likelihood of human error in both speaker verification and checksum comparison.
“Quantitatively, the overall average likelihood of failing to detect an attack session was about 25-50%, while the average likelihood of accepting a legitimate session was about 75%,” they shared.
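To make the gap between the protocol's guarantee and the observed outcome concrete, here is an added illustration (not code from the paper or from any crypto phone product): a toy SAS checksum derived from exchanged key material, shown for an honest call and for a key-substituting man in the middle, plus the arithmetic combining the checksum collision bound with the human miss rates reported above. The 256-entry word list, 32-byte keys and SHA-256 derivation are assumptions for the sake of the example.

```python
import hashlib
import math
import secrets

# Constructed 256-entry word list standing in for a real SAS word list
# (assumption: one byte of the checksum hash selects one displayed word).
WORDS = [f"word{i:03d}" for i in range(256)]
BITS_PER_WORD = int(math.log2(len(WORDS)))


def sas_words(my_pk: bytes, peer_pk: bytes, n_words: int) -> list[str]:
    """Derive the short authenticated string each endpoint displays.

    Both sides hash the key material in a canonical order, so honest endpoints
    see identical words; a man in the middle who substitutes keys on either
    leg changes the hash input and, almost always, the displayed words.
    """
    digest = hashlib.sha256(b"".join(sorted([my_pk, peer_pk]))).digest()
    return [WORDS[b] for b in digest[:n_words]]


def attack_success(n_words: int, human_miss_rate: float) -> float:
    """Probability that a single MITM attempt goes undetected.

    The protocol limits a blind attacker to a checksum collision at 2^-bits.
    A user who fails to notice a mismatch (the study's 25-50% miss rate)
    dominates that bound, which is why the effective security is far weaker.
    """
    p_collision = 2.0 ** -(BITS_PER_WORD * n_words)
    return p_collision + (1.0 - p_collision) * human_miss_rate


def simulate(n_words: int, mitm: bool) -> tuple[list[str], list[str]]:
    """Return the words Alice and Bob see, honestly or with a key-substituting MITM."""
    pk_a, pk_b = secrets.token_bytes(32), secrets.token_bytes(32)
    if not mitm:
        return sas_words(pk_a, pk_b, n_words), sas_words(pk_b, pk_a, n_words)
    pk_m1, pk_m2 = secrets.token_bytes(32), secrets.token_bytes(32)  # attacker's keys
    return sas_words(pk_a, pk_m1, n_words), sas_words(pk_b, pk_m2, n_words)


if __name__ == "__main__":
    for words in (2, 4):
        honest_a, honest_b = simulate(words, mitm=False)
        attacked_a, attacked_b = simulate(words, mitm=True)
        print(f"{words} words: honest match {honest_a == honest_b}, "
              f"MITM match {attacked_a == attacked_b}")
        for miss in (0.25, 0.50):
            print(f"  protocol bound {2.0 ** -(BITS_PER_WORD * words):.2e}, "
                  f"with {miss:.0%} human miss rate: {attack_success(words, miss):.4f}")
```

Doubling the checksum from 2 to 4 words shrinks the collision bound from 2^-16 to 2^-32, yet the undetected-attack probability stays pinned at the human miss rate, matching the study's finding that longer checksums did not buy security.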
Human errors could also lead to a bad user experience and, ultimately, poorer security. “Repeated protocol runs could frustrate the users to the point they may start accepting even MITM attack instances, or may give up using the crypto phone apps altogether, and rather resort to apps that do not at all protect the communications,” they concluded.