Categories: VoIP Commentary

VoIP Security – Secure or Too Secure?

As a brief followup to my previous post about VoIP security, I came across a couple articles that offer an interesting point / counterpoint to the questions regarding VoIP reliance and peace of mind.

The first article from PC World by Lincoln Spector; Is VoIP Secure?:

The digital data of a VOIP call can be intercepted anywhere along the complicated path from your router through the multiple servers until it goes out to the analog phone network. Assuming your VOIP service doesn’t encrypt calls, whoever intercepts it can listen to it, as well.

Which raises the question: Does your VOIP service encrypt calls?

Skype does, with very strong, 256-bit AES encryption. You can read the details here.

But others are not as cautious. I know that Google Voice doesn’t encrypt their calls because a Google spokesperson told me so. Yahoo didn’t respond to my query, so I think it best to assume the Yahoo Voice (the service that USANomad uses) also lets their calls go out unprotected.

While encryption increases your safety, it doesn’t guarantee it.  Your own computer may be the weak point in your VOIP security chain.

The next article is from Network World by Jim Metzler and Steve Taylor; Is VoIP Too Secure?:

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular – the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily monitored.

So, which is it?  Will infected computers and unreliable encryption severely compromise your safety or, is the proliferation of IP based communications the saving grace of interception resistance?

Maybe it’s a little bit of both?  Security will always be an issue so do everything in your power keep your systems updated and secure on your end but, take some comfort in the fact that the government is having troubles decoding conversations.  Some of this similar to what was represented in the NOVA episode The Spy Factory where a major challenge for the NSA was not collecting information but acquiring the resources to deal with the sheer volume of data, making sense of it, and then connecting the dots.

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.

View Comments

  • What you have highlighted is that there are a diversity of voip services available, some that include security be default and many that don't.

    I know of no SIP based ITSP that offers TLS/SRTP based security for voice calling. This is the standard way that companies might secure calling between sites over their WAN. It tends to be limited to such corporate or institutional installations.

    Most ITSPs pass SIP and RTP in the clear. That means that it's reasonably easy for the well informed hacker to capture & record your calls.

    People often overstate the security of traditional POTS service. Anyone with access to your analog pair and a butt-set could tap the line and listen in. Physical access being the hardest part, and not that hard in reality.

    While there is a lot of concern shown for the technical matters of security, social engineering often overcomes the best tech...and relatively easily.

    From the fed authorities perspective the current state of the art in securing voice traffic over IP is possibly a challenge. Likewise accessing Skype calls, which would likely happen through Skype's cooperation with authorities.

    From the perspective of a Vonage customer, security is basically not even on the horizon. All the SIP & RTP traffic travels in the clear, readily available to the feds like any other internet traffic.

Share
Published by
Nathan Miloszewski

Recent Posts

Watch Now: 2024 December VoIP News Update

https://youtu.be/vV0BDOCGiKs?si=jFrelg8-ddbcLhTC In the December VoIP News Update, two exciting developments in the VoIP space were…

2 days ago

Fanvil H5 Hotel Phone Product Feature & How to SIP Register to 3CX | VoIP Supply

https://youtu.be/UHKuBq0Pvuk?si=zS3KlwIkJz2-6vaq At VoIP Supply, we’re always excited to explore new solutions for businesses and industries,…

2 weeks ago

Fanvil X4U IP Phone Product Feature Video & Technical Tutorial

https://youtu.be/Wun3AMh_T08?si=fG3-TgyzrGT2gNIc In our latest video, we dive deep into the Fanvil X4U IP phone. Whether…

4 weeks ago

How to Prepare Your VoIP Systems for 2025

Remember Back to the Future II? I loved that movie because they traveled into the…

1 month ago

SIP Chats: Sharath Abraham of Jabra – Panacast 50, BYOD Solutions, and More!

https://youtu.be/qsNO-fZdY3U?si=1A2biOpTwvHG-wiB In the latest episode of SIP Chats, host Brian Hyrek sits down with Sharath…

1 month ago

Watch Now: 2024 November VoIP News Update

https://youtu.be/a--L6ZF9iAw VoIP Supply’s November VoIP News Update: Exciting New Tools, Upcoming Releases, and Giving Back…

1 month ago