Privacy Guru Locks Down VOIP
<<<... "The PSTN is like a well-manicured neighborhood, (while) the internet is like a crime-ridden slum," Zimmermann said. "To move all of our phone calls from the PSTN to the internet seems foolish without protecting it."
Interest in VOIP is growing rapidly because the user pays less for the service and pays no long-distance toll charges. Some services are free. According to one recent survey, 11 million people worldwide use a subscription VOIP service, compared to only 5 million in 2004, and at least another 35 million use free VOIP services.
That leaves a lot of people potentially open to eavesdropping. It's not as easy to eavesdrop on VOIP as it is to intercept and read e-mail. Phone conversations aren't stored or backed up where an attacker can access them, so the conversations have to be captured as they occur. But a program available for free on the internet already allows intruders to do just that.
Using the tool, someone with access to a local VOIP network could capture traffic, convert it to an audio file and replay the voice conversation. The program is called Voice Over Misconfigured Internet Telephones, a name clearly chosen for its catchy acronym -- VOMIT.
Bruce Schneier, chief technology officer of Counterpane Internet Security and author of the Crypto-Gram newsletter, said that the need for VOIP encryption is a given. "If you're concerned about eavesdropping, then encryption is how you defend against it," he said. "And it's not that hard to do. It's just a matter of writing the code." more>>>
Links