Latest News

2010-05-06 - How private are your VoIP calls

Connecting with VoIP (Voice over IP) has become an essential tool for business and personal life. Skype recorded 560 million registered users at the end of 2009, and at peak times, 23 million users are logged in (recorded in March 2010). Is the convenience of VoIP overshadowing its security threats? If it’s effortless to connect to people from anywhere in the world, surely it’s just as effortless for someone else to eavesdrop on your calls?

One of the biggest vulnerabilities of VoIP is the simplicity for others to eavesdrop into private conversations – it’s not particularly difficult and there is a multitude of ways to do it. VoIP calls travel across the public Internet, leaving hackers to capture VoIP packets, which generally requires a packet analyzer. All the hacker needs is a laptop, readily available software and the knowledge of how to hack into your network. With this in hand, the hacker can obtain user IDs, passwords and even gain knowledge of confidential business information.

VoIP voice traffic is essentially data that is transmitted over networks, which means, like any type of computer data, VoIP can be protected by encryption, and this can make it virtually impossible for someone to snoop in on your private IP telephony calls.

Here are a few tools we think are useful to ensuring the privacy of you VoIP calls:

Zfone:

Zfone is possibly the easiest way to encrypt VoIP calls and the software is free! However, it requires both callers to install the application, which means calls to people you already know (at least those who have installed Zfone) will be secure, but calls to others (i.e. business calls, brokers, etc) won’t necessarily be protected.

Internal Encryption:

Many VoIP clients have incorporated encryption into their software. For example, Skype installed encryption support into its proprietary software.

Transport Layer Security (TLS) and IP Security (IPsec):

TLS and IPsec are ways to encrypt VoIP calls - TLS encrypts VoIP data travelling between two applications, while IPsec encrypts information for two devices and all the applications running on them. Both protocols aim to keep unauthorized parties from interfering with or listening to calls and cannot be manipulated externally.

Secure Real-Time Transfer Protocol (SRTP):

An ideal tool for protecting VoIP traffic, SRTP has a minimal effect on call quality. For each call made, a unique encryption key is created, which makes eavesdropping almost impossible, and SRTP a good choice for day-to-day calls and highly confidential conversations.

Virtual Private Network (VPN):

If your company has a VPN you can leverage its built-in encryption feature to protect your IP telephony calls. It is also extended to all users, so even when travelling, users can login to the VPN from their laptop. However, a VPN can only secure data from gateway to gateway, and if calls are on your LAN, you’ll require more protection.

VoIP technology cannot guarantee a substantial level of protection, therefore the onus lies with the user to safeguard him/herself to ensure your private conversations are exactly that, private.