Whole Network Most Recent TOP10 Companies Industry News New Application skype

« fringME! Gives A Whole... | Main | Jangl Now Supports SMS... »

VoIP Can Be Sniffed? Get Real!

Filed in archive Dangers by Dameon Welch-Abemathy on November 27, 2007

This mass hysteria about being able to make WAV files of VoIP conversations, while only recently brought into the forefront with a tool called SIPtap, is completely unwarranted. In short: if someone can run this tool on your network and make WAV files of your phone calls, you've got far bigger problems.

Back in March of 2004, I wrote a fairly detailed piece for Voxilla about VoIP and security issues. There are several things I did not cover in this rather lengthy article, reading back on it now, but some things remain true with SIP. More after the jump.

Call Information Goes In The Clear: Yes with SIP, whom you are and whom you're calling does go in the clear. Yes, you can use Transport Layer Security (TLS) to encrypt this information.
The Voice Data Goes In The Clear: What you're saying also goes in the clear as well. This can be mitigated by using SRTP to encrypt the data portion of the call.

Even if you don't employ encryption for either the call control information or the voice channel, here's the real truth: Unless you can somehow see all the traffic between the two parties, you can't sniff a VoIP call. And you know what? That's difficult to do. As I wrote in 2004:

In order to actually intercept the call setup or voice data for an in-progress SIP call, you have to be at a location where the call is traveling through, either at the telephone service provider or the ISP. Since it's possible for a connection to change routes midstream, there are only a couple of points where it is practical to intercept a SIP call: On either the SIP client or proxy's premises, or at the ISP used by either endpoint. This isn't unique to SIP: a PSTN call can be intercepted in similar locations.

If you're looking for more meat, Mr Blog's got it.

Bottom line: This SIPtap thing is overblown. Not only is it infeasible to employ, it can easily be worked around by employing encryption. What do you think?

Permalink: VoIP Can Be Sniffed? Get Real!
Tags: voip+security siptap voip 2007 call sniffed+real voip+sniffed openads+delivery

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/103802

No strings attached VoIP service from VoIP.com - 19 January 2007

Get your VoIP protected from SPIT - 14 February 2007

Can Verizon VoIP patents affect competing VoIP services? - 19 April 2007

SIPtap oder: VoIP Abhören leicht gemacht - 26 November 2007

Vote for VoIP Can Be Sniffed? Get Real!:

Currently 7.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 7.0 out of 1 vote(s) cast.

Add your response to VoIP Can Be Sniffed? Get Real!: Response from: Rick McCharles Get Real! I couldn't agree with you more. Let's counter the hype! There is value in making the general public aware of the risks of an insecure environment. However, the vast majority of VoIP related security stories are repeated and sensationalized without any critical examination of the facts or assessment of the actual risk. Peter Cox, the author of SIPtap stated in response to my post on the subject, http://www.ric.ca/blog/2007/11/your-voip-is-being-hacked-hang.html that he designed the tool in order to raise VoIP security awareness and the need for encryption. Unfortunately, most authors who reported on the tool, seized the opportunity to grab attention-getting headlines and as a result have contributed to the myth that secure VoIP and IP Telephony is not possible. Thanks, Rick McCharles http://www.ric.ca/blog Response from: Tati I go with you on this one, if they get the chance to run this in your network, then you have 100k more important issues to cover before someone tapping in your voip conversations is a priority. But, I'd be careful with what you say, even when they can tap in, they can record you without letting you know (www.hotrecorder.com, www.easyvoiprecorder.com, etc...) Response from: PhoneBoy Recording one end of the call is not unique to VoIP, though it is easier to do on a computer than it is to do with a normal handset. Encryption doesn't make it impossible to do this, either, but it does make in-transit data a lot harder to capture. Response from: Discount International Calling Is it really possible to make wav files from voip phone conversation.? Response from: Dameon Welch-Abernathy It is possible if you can get to the right place(s) in the network and deploy the right tools.
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to The VoIP Weblog newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

CW Toolbar
RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Advertisement - Book yours here.

Advertisement -
Book yours here..

Contributors (Last 90 days)
Dameon Welch-Abernathy (64)
This site has 860 entries and is powered by Creative Weblogging since October 2005.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Discover The VoIP Weblog on your cell phone! Simply type the URL of your favorite blog in your mobile browser.

Advertise with us
Learn more about our advertising options, visit our shop or give Sonja a call at +1 (650) 331 8047.
NEW you can also chat with us.

Business VoIP Solutions
Compare VoIP Services - Find the Best VoIP Provider for Your Needs
1-800-TRY-VOIP
Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.

Would you like to see your text link here? Let us know!

Advertisement
Book yours here.

Testimonials
'Yours is the one blog most tightly aligned with my interests, most "great articles" from my point of view'

'Cool site!'

'Great information especially nowadays where the development is amazingly fast.'

I find it very creative and with unique news, which I think is great compared to some other blogs that just copy other blog's content.
Rodrigue Ullens, Voxbone

Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Advertisement - Book yours here..

Blog this at your site VoIP Can Be Sniffed? Get Real!:

Login*	Password*


Your blog system

Save your login data? (* Your login data are stored securely and encrypted)
Please enter a comment that will appear right after the post on your site:

Tell a friend about VoIP Can Be Sniffed? Get Real!
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

VoIP Can Be Sniffed? Get Real!

Filed in archive Dangers by Dameon Welch-Abemathy on November 27, 2007

Related Entries:

Vote for VoIP Can Be Sniffed? Get Real!:

Add your response to VoIP Can Be Sniffed? Get Real!:

Blog this at your site VoIP Can Be Sniffed? Get Real!:

Tell a friend about VoIP Can Be Sniffed? Get Real!

Check out our Sponsored Blogs!

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Testimonials

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Technology

Disclaimer

Find more recent entries from our other publications:

Java Entrepreneur

The CIO Weblog

BlogWealth

P2P File Sharing

On Storage

HackITLinux