RE: VoIP security
From: David (david_at_clicksee.net)
To: "'Seth Art'" <email@example.com>, <firstname.lastname@example.org> Date: Thu, 21 Apr 2005 09:14:29 +0700
This article addresses your questions pretty specifically:
As with traditional telephony, eavesdropping is a concern for
organizations using VOIP-and the consequences can be greater, says
Charlie Rabie, a vice president at Aspect Communications Corp. in San
Jose. Aspect is a provider of software and services for implementing
VOIP, traditional telephony and other communication services.
Because voice travels in packets over the data network, hackers can use
data-sniffing and other hacking tools to identify, modify, store and
play back voice traffic traversing the network, Kemmerer says.
A hacker breaking into a VOIP data stream has access to a lot more calls
than he would with traditional telephone tapping. As a result, "one of
the big differences is that a hacker has a much higher probability of
getting intelligent information" from tapping a VOIP data stream than
from monitoring traditional phone systems, Rabie says.
From: Seth Art [mailto:email@example.com]
Sent: Wednesday, April 20, 2005 8:52 PM
Subject: VoIP security
My coworker had an interesting question. She had to validate her
credit card number over the phone using her social and other sensitive
information. She has a VoIP router from her ISP. The question: Are
the VoIP packets encrypted as they go across the wire? Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this
somethign that might be an issue in the future or is there already an
answer out there?