Networking

Keep hackers from eavesdropping on VoIP calls


VoIP technology is becoming more popular because it costs less than traditional PSTN phone service -- and in the case of long-distance and international calls, it often costs a lot less. In addition, VoIP offers the convenience of one-network administration, advanced calling features, and unified communications so that users can access voice mail, e-mail, text messages, faxes, and other incoming communications using a single interface.

However, security continues to be an issue and an obstacle to implementing VoIP for many individuals and companies -- especially in cases where many calls deal with sensitive or confidential information. Of course, VoIP is subject to the same sorts of attacks as data networks, including denial-of-service (DoS) attacks that can bring down your VoIP service.

But a unique concern for VoIP users is the possibility of hackers listening in on their calls. Here's a look at some of the methods the bad guys use to do just that. Find out what you can do to protect against eavesdropping on your VoIP network.

Everyone knows that it's possible to bug regular telephone calls. You can place listening devices that transmit to remote locations inside phone handsets and tap into lines from the outside. As long as you have access to phone company equipment (such as law enforcement agencies), you can listen in.

In addition, radio scanners can pick up wireless signals from cordless and cellular phones. And sophisticated surveillance equipment can monitor long-distance calls transmitted over satellite or microwave links.

There are explicit federal and state laws that deal with wiretapping of traditional telephones. While the legal system is only beginning to catch up when it comes to accessing VoIP conversations, the statutes that prohibit unauthorized access to a computer network generally also cover VoIP intrusions, attacks, and eavesdropping.

That's a good thing: It's fairly easy to intercept VoIP conversations, and hackers have plenty of ways to do it. Because most VoIP calls travel across the public Internet, hackers can capture VoIP packets in the same way as data packets -- and they can do it from anywhere in the world.

However, because the technology converts voice messages to digital format, listening in to a VoIP call is in some ways more difficult than listening in to an analog PSTN call. The hacker must have a way to reconstruct the actual voice conversation out of multiple chunks of binary data.

Unfortunately, advanced programming skills aren't necessary to do this. Dozens of free tools are available for download on the Web specifically aimed at capturing, reconstructing, and playing VoIP conversations. While hackers can use these tools for unauthorized access to VoIP calls, they also serve a legitimate purpose. VoIP administrators can take advantage of these same tools for penetration testing of their own networks.

Eavesdropping tools

One of the most well-known VoIP hacking tools is VOMIT, which stands for Voice Over Misconfigured Internet Telephones. But it doesn't actually capture the VoIP packets. For that, you'll need a "sniffer" program (such as Ethereal/Wireshark or Angst) or "dumping" tools such as pcapsipdump.

VOMIT converts a phone conversation into a .wav file that you can play with any popular computer media player software such as Windows Media Player. However, VOMIT only works with Cisco IP phones that use Cisco's Skinny VoIP protocol.

Another popular VoIP hacking utility is VoIPong. This tool detects VoIP calls on a network and creates .wav files of conversations. Like VOMIT, VoIPong runs on Linux and other UNIX-based operating systems. But it processes VoIP packets regardless of the VoIP protocol, so you can use it to hack SIP and H.323 VoIP transmissions as well as Cisco's Skinny-based ones. VoIPong is open source software freely distributed under the GNU General Public License.

In addition, you can use Oreka to record VoIP RTP sessions. It works with many VoIP platforms, including Cisco CallManager, Lucent APX8000, Avaya S8500, Siemens HiPath, and Asterisk SIP channel. Unlike many VoIP tools made just for UNIX-based operating systems, Oreka also runs on Windows.

Cain & Abel is a popular sniffer that can capture and crack passwords; it captures many types of traffic along with VoIP calls. It extracts audio conversations that use the SIP and RTP protocols and supports a number of different codecs, including G711, GSM, DVI, LPC, and many more.

And remember: In addition to technical tools, VoIP hackers often rely on social-engineering techniques just as data network hackers do.

Protect against VoIP hacking

Why aren't stronger security measures built into VoIP? One big reason is performance. VoIP, much more so than most data transmissions, is vulnerable to marked decreases in call quality due to performance factors. Security always requires some performance overhead. Until recently, VoIP services have focused more on call quality and reliability than security.

There are a number of steps that companies can take to protect themselves against VoIP hackers:

  • Keep the VoIP network separate from the data network. Although this does negate some advantages of VoIP -- such as simplified administration through convergence -- it also provides a smaller attack surface and exposes the VoIP network to fewer threats. You can use virtual LAN (VLAN) technology to create a logical separation if you don't want to go with a full-fledged physical separation.
  • Use authentication to ensure that those connecting to the VoIP network from the outside are really who they purport to be.
  • Use encryption so that if hackers manage to capture VoIP packets, they won't be able to easily decipher them.
  • Use VoIP-aware firewalls and an intrusion detection system/intrusion prevention system (IDS/IPS).

Summary

Should you be worried about hackers listening in on your VoIP conversations? It's certainly a possibility, but that doesn't mean you should forget about deploying VoIP and lose out on its advantages.

Instead, be aware of how VoIP hackers operate, implement standard security measures, and use the hackers' own tools to test your VoIP network -- and ensure that you've made it more difficult to eavesdrop.

Deb Shinder is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. She currently specializes in security issues and Microsoft products, and she has received Microsoft's Most Valuable Professional (MVP) status in Windows Server Security.

Want more tips and tricks to help you plan or optimize your VoIP deployment? Automatically sign up for our free VoIP newsletter, delivered each Monday!

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

9 comments
game_insomniac
game_insomniac

who cares, if they listen does it really matter as long as ur not doing something illigal or saying stupid stuff than who really cares, plus if a hackers have nothing better to do than listen to me talk about how paris got out of jail, or my kitty got ran over by a semi truck than maybe they should get a freakin job oh and a life.

dre1219
dre1219

Yes, you tell us all about the technology that allows hackers to eavesdrop, but you don't give us specifics on step-by-step references on how to prevent it!

rwbyshe
rwbyshe

You Provide the Tools.... Very interesting that you name all the tools, and provide links to each, to do all the wrong things. But when you discuss the security and prevention aspects you mentiion nothing for appropriate tools, nor are there ANY links to helpful resources. What's with that?????

mdkierum
mdkierum

I have to disagree with your recommendation on keeping the data and VoIP networks separate. That is impossible to obtain and maintain as a large part of the growth of VoIP apps are PC based clients. Softphones, Outlook Communicator and the future speech enabled web applications cannot be segragated from the rest of the data users.

BALTHOR
BALTHOR

Do not hesitate to call the FBI if you notice these problems.

doublesnapper
doublesnapper

You gave them the knife that they will use to cut our throat. New title "How to eavesdrop on VOIP"

FAST!!!
FAST!!!

For VoIP phones, I absolutely agree that they should be put on a separate network by utilizing VLANs. This worked out great on the 500+ VoIP phone system rollout we did and it keeps end users from being able to see VoIP packets on their desktop computers in the event that the dangerous ones were to do a packet capture.

templink
templink

My guess is that the author was referring to IP desktop phones, not softphones or any PC-based VOIP solution. Where I work many of the old phones have been replaced with IP phones from Avaya. Each phone is on a separate physical network, and gets its own IP. Isolation was designed in from the beginning.

grax
grax

Can you be sure that the FBI doesn?t already know? After all, they can follow the links so generously provided in this very ill-considered article.