VoIP technology is becoming more popular because it costs less than traditional PSTN phone service — and in the case of long-distance and international calls, it often costs a lot less. In addition, VoIP offers the convenience of one-network administration, advanced calling features, and unified communications so that users can access voice mail, e-mail, text messages, faxes, and other incoming communications using a single interface.
However, security continues to be an issue and an obstacle to implementing VoIP for many individuals and companies — especially in cases where many calls deal with sensitive or confidential information. Of course, VoIP is subject to the same sorts of attacks as data networks, including denial-of-service (DoS) attacks that can bring down your VoIP service.
But a unique concern for VoIP users is the possibility of hackers listening in on their calls. Here's a look at some of the methods the bad guys use to do just that. Find out what you can do to protect against eavesdropping on your VoIP network.
Everyone knows that it's possible to bug regular telephone calls. You can place listening devices that transmit to remote locations inside phone handsets and tap into lines from the outside. As long as you have access to phone company equipment (such as law enforcement agencies), you can listen in.
In addition, radio scanners can pick up wireless signals from cordless and cellular phones. And sophisticated surveillance equipment can monitor long-distance calls transmitted over satellite or microwave links.
There are explicit federal and state laws that deal with wiretapping of traditional telephones. While the legal system is only beginning to catch up when it comes to accessing VoIP conversations, the statutes that prohibit unauthorized access to a computer network generally also cover VoIP intrusions, attacks, and eavesdropping.
That's a good thing: It's fairly easy to intercept VoIP conversations, and hackers have plenty of ways to do it. Because most VoIP calls travel across the public Internet, hackers can capture VoIP packets in the same way as data packets — and they can do it from anywhere in the world.
However, because the technology converts voice messages to digital format, listening in to a VoIP call is in some ways more difficult than listening in to an analog PSTN call. The hacker must have a way to reconstruct the actual voice conversation out of multiple chunks of binary data.
Unfortunately, advanced programming skills aren't necessary to do this. Dozens of free tools are available for download on the Web specifically aimed at capturing, reconstructing, and playing VoIP conversations. While hackers can use these tools for unauthorized access to VoIP calls, they also serve a legitimate purpose. VoIP administrators can take advantage of these same tools for penetration testing of their own networks.
One of the most well-known VoIP hacking tools is VOMIT, which stands for Voice Over Misconfigured Internet Telephones. But it doesn't actually capture the VoIP packets. For that, you'll need a "sniffer" program (such as Ethereal/Wireshark or Angst) or "dumping" tools such as pcapsipdump.
VOMIT converts a phone conversation into a .wav file that you can play with any popular computer media player software such as Windows Media Player. However, VOMIT only works with Cisco IP phones that use Cisco's Skinny VoIP protocol.
Another popular VoIP hacking utility is VoIPong. This tool detects VoIP calls on a network and creates .wav files of conversations. Like VOMIT, VoIPong runs on Linux and other UNIX-based operating systems. But it processes VoIP packets regardless of the VoIP protocol, so you can use it to hack SIP and H.323 VoIP transmissions as well as Cisco's Skinny-based ones. VoIPong is open source software freely distributed under the GNU General Public License.
In addition, you can use Oreka to record VoIP RTP sessions. It works with many VoIP platforms, including Cisco CallManager, Lucent APX8000, Avaya S8500, Siemens HiPath, and Asterisk SIP channel. Unlike many VoIP tools made just for UNIX-based operating systems, Oreka also runs on Windows.
Cain & Abel is a popular sniffer that can capture and crack passwords; it captures many types of traffic along with VoIP calls. It extracts audio conversations that use the SIP and RTP protocols and supports a number of different codecs, including G711, GSM, DVI, LPC, and many more.
And remember: In addition to technical tools, VoIP hackers often rely on social-engineering techniques just as data network hackers do.
Protect against VoIP hacking
Why aren't stronger security measures built into VoIP? One big reason is performance. VoIP, much more so than most data transmissions, is vulnerable to marked decreases in call quality due to performance factors. Security always requires some performance overhead. Until recently, VoIP services have focused more on call quality and reliability than security.
There are a number of steps that companies can take to protect themselves against VoIP hackers:
- Keep the VoIP network separate from the data network. Although this does negate some advantages of VoIP — such as simplified administration through convergence — it also provides a smaller attack surface and exposes the VoIP network to fewer threats. You can use virtual LAN (VLAN) technology to create a logical separation if you don't want to go with a full-fledged physical separation.
- Use authentication to ensure that those connecting to the VoIP network from the outside are really who they purport to be.
- Use encryption so that if hackers manage to capture VoIP packets, they won't be able to easily decipher them.
- Use VoIP-aware firewalls and an intrusion detection system/intrusion prevention system (IDS/IPS).
Should you be worried about hackers listening in on your VoIP conversations? It's certainly a possibility, but that doesn't mean you should forget about deploying VoIP and lose out on its advantages.
Instead, be aware of how VoIP hackers operate, implement standard security measures, and use the hackers' own tools to test your VoIP network — and ensure that you've made it more difficult to eavesdrop.
Deb Shinder is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. She currently specializes in security issues and Microsoft products, and she has received Microsoft's Most Valuable Professional (MVP) status in Windows Server Security.
Want more tips and tricks to help you plan or optimize your VoIP deployment? Automatically sign up for our free VoIP newsletter, delivered each Monday!
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.