SPOTLIGHT: Compressed VoIP Calls Vulnerable to Intercept

Researchers at Johns Hopkins say soon-to-be-implemented variable bitrate compression will make VoIP calls vulnerable to eavesdropping. While VoIP streams are encrypted to deter eavesdropping, simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy. 

Software developed by Hopkins cannot decode an entire conversation, but it can search for chosen phrases within encrypted data. The software breaks down a typed phrase to be listened for into constituent sounds using a phonetic dictionary, with a version of the phrase then pasted together from audio clips of phonemes taken from a library of example conversations before finally being made into a stream of VoIP-style packets. 

In tests on example conversations, the software correctly identified phrases with an average accuracy of around 50 percent, with longer, more complicated words being identified 90 percent of the time. Researchers say professional jargon is more prone to detection. A potential counter measure would be padding out data packets to an equal length, but then that cuts down on the benefits of compression.

For more:
- NewScience.com reports Compressed Web Calls Easy To Bug

Related articles:
Newport Networks Riles Up VoIP Security Fears
Circle the wagons, enterprise VoIP is under attack