Educated Guesswork: OMG, you mean VoIP is tappable?

« Combined software and services and wiretapping | Main | Race to the front »

November 24, 2007

OMG, you mean VoIP is tappable?

For some reason, Peter Cox's SIPtap program is getting press. First, it's immediately obvious to anyone with even minimal knowledge of networking that if you have access to the packets of a VoIP flow (or for that matter any other unencrypted network flow), you can reconstruct the data. That's why people use encryption. So, this is hardly news. That's why the IETF and others have spent a lot of time building security protocols for VoIP. Many current VoIP phones come with some encryption now and the newer stuff will be more secure and easier to deploy.

OK, so it's common knowledge. On the other hand, Cox doesn't say he discovered it, just that this is a "proof of concept". Given that it's droolingly easy to write an RTP decoder and that VoIPong and Vomit and Wireshark already existed, it's hard to see exactly what concept is being proved, other than that with enough hype you can get your name in the paper.

UPDATE: Fixed typos

Posted by ekr at November 24, 2007 8:27 PM | Filed under: COMSEC

Comments

This is indeed ridiculous. I read through the article and wasn't surprised to see the ZPhone and Phil mentioned.

Posted by: Hannes Tschofenig at November 25, 2007 11:40 AM