Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > VOIP over Wi-Fi subject to eavesdropping?

Thread Tools

VOIP over Wi-Fi subject to eavesdropping?

Jeff Liebermann
Posts: n/a
On Tue, 09 Aug 2005 03:19:49 +0100, jnitron
<(E-Mail Removed)> wrote:

>Big brother is not yet completely concerned yet ( I believe) about
>the trivial lives of the majority of its citizens, and what they
>discuss in their VOIP conversations.

You have inside knowledge of what Big Brother is interested in
collecting? Do you work for Big Brother?

>Skeletons in your
>cupboard?...sure, then don't discuss them on the phone.

Somehow, I thought that I had an expectation of privacy when talking
on the phone. I guess not. I'll appoint you official censor to
decide what I can safely discuss over the telephone.

>>Oh? Could I trouble you for your bank ID, social security numbers,
>>birthdate, mother's maiden name, credit card numbers, collection of
>>passwords, and name of your mistress? Surely you don't think these
>>should be kept hidden.

>So why would you discuss them in a VOIP call ?

OK, let's take them one at a time:
Bank ID: When someone rips off my credit card number and the bank
phones me to verify the purchase.
SSI number: Used to verify my identity when talking to my bank.
Birthdate: Used to verify various accounts (bank, cheque, credit).
Mother's maiden name: Also used to verify identity.
Password collection: Walking my customers through an email or account
Name of Mistress: Never mind.

Are these sufficient reasons to mention these over the phone?

>JN25 was reportedly broken before Pearl Harbor by the Britosh at
>Singapore where John Tiltman worked. Tiltman, who was born in London
>on May 24, 1894, later worked at Bletchley Park. The Americans did
>"break" JN25 but not untill many months later.

Thanks. I didn't know that the British had proceeded the Americans in
cracking JN-25. The book I previously noted did not include any
mention of British contributions to cracking JN-25.

>There is only one way to keep secrets
>and that is not to tell them, as demonstrated by the documented
>Japanese radio silence prior to Pearl Harbour.

That's not very practical for running a world wide military operation.
It might be possible to maintain radio or telephone silence for a
short period of time, for a single operation (Battle of the Bulge),
but to maintain any coordination with distant operations requires
radio and telephone communications. Similarly, if I want do business
these days, I have to use unencrypted email and unsecured telephones.
Using sealed letters might be an alternative, but would be very slow.

>>Did you ever wonder why it's not encrypted? You could easily have
>>encrypted email and authenticated servers without much difficulty.
>>There are RFC's describing the techniques in detail. The problem is
>>that you lose anonymity in the process. It's impossible to encrypt
>>and authenticate without point a finger directly at the source of any
>>traffic. There are a large contingent of users that consider
>>anonymity equivalent to privacy and don't want to lose that for fear
>>of government or corporate reprisals. I consider this to be a real
>>fear and the major stumbling block preventing universal encryption.

>I don't agree... its not encrypted because it mostly does not need to
>be encrypted.

Who are you to judge what does and does not require encryption? If a
link is deemed to be secure, then EVERYTHING going across that link
should be encrypted. Most of the traffic probably doesn't need to be
encrypted, but once the capabilities are present, encryption becomes
part of the definition of security and is therefore required for all
communications along that link.

>Pre Shared Keys for example, make it possible to have a
>message encrypted without the recipient (or anybody else) knowing
>where the message originated.

True. PGP also has an anonymous encryption feature. However, the
limitations of pre-shared keys are well known. The RFC's I mentioned
include authentication methods that are traceable back to the
originator. This is generally required to prevent spoofing. We could
create an encryption system without authentication, but if you also
want to prevent spoofing, identity theft, spam, and counterfeit
servers, authentication is required.

>... why bother to encrypt VOIP when
>the only real identifier and prevention of anonymity is possibly voice
>recognition (or sitting next to the people having the VOIP

I'm a fan of X.509 certificates and authentication. I want to know
that the other end of the conversation is my intended recipient, and
not a simulation generated by a computah. When I used to work at a
radio station, I did a fair job of impersonating various personalities
by engaging in a conversation using recorded sound clips.

>Again, it is clear that your convesation would have not needed to be
>secured apart from the fact that you decided to inappropriately
>disclose a secret.

Again, who are you to decide which of my conversations need securing
and which may be safely sent in the clear? Wouldn't it be better and
safer to encrypt everything rather than risk inadvertently blabbering
something inappropriate or confidential?

>Tell me...if your converstion had been encrypted
>would you still have felt the need to change the password?

Oh yes. I needed to remind the customer of the root password over the
phone because we needed to get the server up and running as quickly as
possible. Delays meant lost dollars. However, I made it a point of
changing the major passwords on such systems about every 3 months. It
was overdue and thought this would be a good time. Had I changed it
previously during at the regularly scheduled cycle, I would probably
*NOT* have changed it on arrival, and ended up getting hacked. I
guess I had good karma or something.

Had I known and trusted the encryption, I probably would have felt a
bit better about disclosing the password. However, knowing that most
cellular systems with encryption (i.e. CDMA) also have automated
wiretap facilities at the switch, methinks I would tend to treat the
circuit as unprotected.

>If you
>would - what would the point have been in the encrytion?

I don't. The only encryption I trust is end to end. Cellular
encryption is NOT end to end.

>If you
>wouldn't - would you have relied on the encryption to keep your
>secret, or, would it have been better not to have told the password in
>the first place?

You mean like relying on WEP128 wireless encryption when it's know to
be crackable by commonly available tools? That's a judgment call
based on the technology used. I'm familiar with CDMA encryption
(CAVE) and know some tricky ways it can be theoretically cracked.
It's also not encrypted between the cellular switch and the PSTN. I
don't have an simple answer for all types of voice/data links and
encryption methods. My general rule is lousy encryption is better
than none because it eliminates a large number of lazy and marginal
hackers from the playing field.

>Or was it just luck that the timing of the password
>change coincided with your disclosure.

Pure luck that I changed it on arrival. Sorry, it's not a perfect
example of the dangers of unencrypted voice traffic, but it's close

>How many times do we return to find that we'd forgotten to lock the
>car (but nothing thankfully is missing). Would the car have been more
>secure if we'd locked it? If yes, then only because of the probability
>of an intrusion and not because of something evidenced by facts.

We can play this one by the odds if you want. Chances are very small
that an individual VoIP convesation will get hacked. The chances are
sufficiently small that risking an un-encrypted conversation might be
an acceptable risk. However, it's no the odds, but the risks. Is the
risk of hacking worth the cost and overhead of encryption? Again, it
depends on the traffic and hardware.

>So... why did you reveal the root password?

To expedite a crash recovery while I drove like a maniac to the
customer's server farm.

>Crime-think is not built
>into VOIP phones and probably shouldn't need to be. The Eskimo story
>earlier in this thread sums it up. While we should (and do)
>acknowledge human imperfections, the answer is not in phone
>technology, but in how we use it.

A very poor answer methinks. By limiting my ability to exchange
secrets and confidential information via a medium that could be
private and secure, you'll limited the usability of that medium.
Whether this is a fair tradeoff depends on the costs of encryption and
the effects on usability.

# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice
# Removed)
# Removed) AE6KS
Reply With Quote
Peter Hayes
Posts: n/a
CyberDroog <(E-Mail Removed)> wrote:

> On Thu, 04 Aug 2005 02:23:01 -0800, (E-Mail Removed) (Floyd L. Davidson)
> wrote:
> >Do not ever say anything on a telephone that you cannot live
> >with seeing on the front page of tomorrow's local newspaper.

> This thread reminds me of the novel The Light of Other Days (Arthur C.
> Clarke and Stephen Baxter.)



Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
VOIP over VPN over TCP over WAP over 3G Theo Markettos UK VOIP 2 02-14-2008 03:27 PM