Listen in on encrypted VoIP without decrypting it
June 20, 2008 at 1:34 pm

Researchers at Johns Hopkins have demonstrated an attack against some encrypted Voice-over-IP traffic that uses the size of encrypted packets to make highly accurate guesses at whole words and phrases:

That happens because the sampling rate is kept high for long complex sounds like "ow", but cut down for simple consonants like "c". This variable method saves on bandwidth, while maintaining sound quality.

Link (via Schneier)

VoIP streams are encrypted to prevent eavesdropping. However, a team from Johns Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy...
A few services currently employ the vulnerable compression method, but more networks had hoped to include it in future VoIP upgrades, says Charles Wright, a member of the Johns Hopkins team. "We hope we have caught this threat before it becomes too serious."
Eavesdropping software the team has developed cannot yet decode an entire conversation, but it can search for chosen phrases within the encrypted data. This could still allow a criminal to find important financial information conveyed in the call, says Fabian Monrose, another team member.
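
The leak described above comes from encryption preserving the length of each variable-size voice frame. The following is an added example, not code from the researchers or from this post: it measures how much packet-size variation survives encryption and what padding every frame to a constant size costs in bandwidth. The frame sizes and the 16-byte per-packet overhead are constructed values, not taken from any real codec or protocol.

```python
import math
from collections import Counter

# Constructed per-frame payload sizes in bytes for two utterances of equal
# duration; the values are illustrative and not taken from any real codec.
UTTERANCE_A = [20, 38, 38, 46, 20, 15, 28, 46]
UTTERANCE_B = [15, 15, 28, 38, 46, 46, 20, 15]
AEAD_OVERHEAD = 16  # assumed fixed per-packet authentication tag, in bytes


def wire_lengths(frames, pad_to=None):
    """Ciphertext length of each packet under length-preserving encryption.

    With pad_to set, every frame is padded up to that size before encryption.
    """
    out = []
    for size in frames:
        if pad_to is not None:
            if size > pad_to:
                raise ValueError("frame larger than padding target")
            size = pad_to
        out.append(size + AEAD_OVERHEAD)
    return out


def size_entropy(lengths):
    """Shannon entropy (bits) of the observed packet-size distribution."""
    counts = Counter(lengths)
    total = len(lengths)
    return sum(c / total * math.log2(total / c) for c in counts.values())


def padding_cost(frames, pad_to):
    """Fractional bandwidth increase caused by padding every frame."""
    return sum(wire_lengths(frames, pad_to)) / sum(wire_lengths(frames)) - 1


if __name__ == "__main__":
    target = max(UTTERANCE_A + UTTERANCE_B)
    for label, pad in (("variable size", None), ("padded", target)):
        a, b = wire_lengths(UTTERANCE_A, pad), wire_lengths(UTTERANCE_B, pad)
        print("%s: entropy of A = %.2f bits, streams differ by size: %s"
              % (label, size_entropy(a), a != b))
    print("bandwidth cost of padding A: %.0f%%"
          % (100 * padding_cost(UTTERANCE_A, target)))
```

An entropy of zero after padding means packet size no longer distinguishes one utterance from another of the same duration; the cost figure is the bandwidth saving of the variable-rate method that is given up to get there.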