VoIP Can Be Sniffed? Get Real!
Filed in archive Dangers by Dameon Welch-Abemathy on November 27, 2007

Back in March of 2004, I wrote a fairly detailed piece for Voxilla about VoIP and security issues. There are several things I did not cover in this rather lengthy article, reading back on it now, but some things remain true with SIP. More after the jump.
- Call Information Goes In The Clear: Yes with SIP, whom you are and whom you're calling does go in the clear. Yes, you can use Transport Layer Security (TLS) to encrypt this information.
- The Voice Data Goes In The Clear: What you're saying also goes in the clear as well. This can be mitigated by using SRTP to encrypt the data portion of the call.
In order to actually intercept the call setup or voice data for an in-progress SIP call, you have to be at a location where the call is traveling through, either at the telephone service provider or the ISP. Since it's possible for a connection to change routes midstream, there are only a couple of points where it is practical to intercept a SIP call: On either the SIP client or proxy's premises, or at the ISP used by either endpoint. This isn't unique to SIP: a PSTN call can be intercepted in similar locations.
If you're looking for more meat, Mr Blog's got it.
Bottom line: This SIPtap thing is overblown. Not only is it infeasible to employ, it can easily be worked around by employing encryption. What do you think?
Permalink: VoIP Can Be Sniffed? Get Real!
Tags:
voip+security siptap voip 2007 call sniffed+real voip+sniffed openads+delivery
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/103802























