Voxilla VoIP Forum

yf · #1 (**permalink**) May 17th, 2007, 08:35 PM

Folks:
The more I become dependent on VoIP the more I get worried about the security of the connection. I am talking about home-use connections not the fancy corporate business exchanges.

1) Is my home network is at risk having an ATA connected to it? If so what are the risks?
2) Can someone hack my account with my VoIP provider and use it to make calls of his own? I am talking about the commercial VoIP providers.
3) Can someone eardrop to the telephone conversation I make it over my VoIP connection?

chandave · #2 (**permalink**) May 18th, 2007, 04:02 AM

Quote:

Originally Posted by yf

1) Is my home network is at risk having an ATA connected to it? If so what are the risks?

Yes. Any time you add a device into your home network that can talk to another machine outside your network puts your home network at risk. BUT, currently, that risk is low. It is more likely that your ATA might be tricked into assisting in a Denial of Service attack.

Quote:

Originally Posted by yf

2) Can someone hack my account with my VoIP provider and use it to make calls of his own? I am talking about the commercial VoIP providers.

Yes. Someone can hack your account. It doesn't take that much resources but a lot of time. The method of authentication (based on the HTTP-digest algorithm) is an open standard and the information about your call setup is in cleartext when the dATA is sent between you and your VSP.

Again, the risk is currently low.

Quote:

Originally Posted by yf

3) Can someone eardrop to the telephone conversation I make it over my VoIP connection?

The audio packets are not encrypted. Anyone that can record the dATAstream between you and your VSP can eavesdrop on the conversation.

This is no different from someone walking over to your home, finding the demarc of your POTS drop, and alligator-clipping the wires.

See ya...

d.c.

jan1972 · #3 (**permalink**) September 22nd, 2007, 03:13 AM

Actually, I would be more concerned about your private network. Tapping a call on the public Internet is difficult as usually an attacker does not have access to the WAN.

The LAN is much easier. Using the remote ARP attack (check out Cain & ABel at oxit.it) every one in the LAN can route the VoIP traffic through the local PC and then record the RTP stream. That tools does everything for you, no need to be a security geek.

But not only your information-hungry colleague is a problem. It is only a question of time when the spyware, bots and whatever start the same thing and upload the records to the mailservers of the competing companies.

Steve7 · #4 (**permalink**) September 30th, 2007, 02:24 AM

I guess everything has a risk, you just weigh it down and see what you could take and what not.

vergara · #5 (**permalink**) October 3rd, 2007, 10:12 AM

Very nice thread you got here guys, it helps me understand the risk of using voip.

comp1 · #6 (**permalink**) November 28th, 2007, 08:53 AM

Hello

Divide and conquer. There are three main threats to VoIP security: authentication failures, integrity failures and privacy failures.

User Name		Remember Me?
Password
No account yet? Create one
Forgot your Username or Password?

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads for: How secure is my VoIP connection?
Thread	Thread Starter	Forum	Replies	Last Post
SPA3102: How to "voip-to-voip" using FXO to FXS connection?	bobolito	Linksys (Sipura) VoIP Support Forum	22	March 14th, 2007 06:02 PM
secure outbound call	lostprophet	Linksys (Sipura) VoIP Support Forum	0	September 27th, 2006 10:13 PM
Sipura3K-Secure Calls Fail-VoIP->PSTN with PIN	ShubhaKiran	Linksys (Sipura) VoIP Support Forum	3	September 19th, 2005 09:04 PM
SPA 2000 Broadvoice - 2 VOIP lines, 1 eithernet connection	pgastwirth	Linksys (Sipura) VoIP Support Forum	1	April 28th, 2005 05:53 AM

Voxilla VoIP Forum

How secure is my VoIP connection?