Security Blog

Your source for information security news and views.

How to ruin VoIP security

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Wednesday, 29 June 2011 in MyBlog

Most recently, with our advancement in mobile technologies and IP networks, we have been able to expand our available communication channels to include many new technologies. Mobile email, mobile instant messenger, texting, and VoIP chat are rapidly replacing our more standard communication networks such as postal services and Plain Old Telephone Service (POTS). With these new technologies we have been able to introduce an advancement in security over previous mediums including networked encryption of communication channels, encrypted voice data, etc. But there was one thing we forgot when introducing these new technologies, they all must fall under the same communications laws and Privacy Acts we had for our older communication media. Compliance with these laws will very well unravel the entire security structure we have put in place.

I'll give you an example, one being Skype. Most recently since their $8.5 billion acquisition of Skype, Microsoft has patented a new technology add on that will assist the VoIP and video chat application in compliance with government mandated wiretapping and surveillance requirements. The new technology add on, deemed " Legal Intercept ", will act as a middle man in Skype allowing silent recording of conversations.

The revamped software works by intercepting a Skype connection request and rerouting the connection through a recording channel, then routes the connection to the requested endpoint.

This type of monitoring is nothing new to communications technology however, it has yet to hit any of our newest IP technologies. An addition like this is likely to undo any and all security progress we've made in the VoIP world. The trusted connections, encrypted tunnels, and secure data we establish during a VoIP connection will now hold the ability to be altered so that it may be monitored, thus opening a backdoor for malicious attacks. We are taking a technology designed not to be intercepted and intercepting it on purpose, all to suite big brother. We must remember though that big brother will not be the only one capable of listening .

This should really by raising some questions. What security is in place to ensure these communication channels can only be intercepted by authorized government monitoring agencies? What security is being implemented on the recorded sessions once they are captured? What back doors are being used with our data to enable these recording channels? I am all for national security however, opening more back doors and vulnerable channels seems to outweigh the security introduced by this technology. For now this new technology really only seems to be introducing national insecurity.

Tags: Untagged
Patrick Snyder has not set their biography yet

Comments

Please login first in order for you to submit comments