SHARE



ABOUT THE AUTHOR


Matt Brunk
Matt Brunk has worked in past roles as director of IT for a multisite health care firm; president of Telecomworx,...
Read Full Bio >>
SHARE



Matt Brunk | June 11, 2009 |

 
   

Un-Secure IP/SIP Voice Calls

Un-Secure IP/SIP Voice Calls Imagine getting proprietary or personal information from the IP/SIP telephone calls and then having a field day with the information.

Imagine getting proprietary or personal information from the IP/SIP telephone calls and then having a field day with the information.

Of course I'd be the one troubleshooting our latest SIP trunk issue. Previously, I had hopes that I could point to the carrier since I have my trusty VQM (Voice Quality Monitoring) in place. A few weeks prior, we experienced our first disconnect during a call with a customer, then a few days later call quality seemed to come and go. VQM helped me isolate the call in this case, but oddly enough, the call sounded like a satellite call with lots of background white noise as in the days of old. So I questioned why the call quality showed up as "excellent." This led us down the path to first check the router configuration (last year for 4 months we did not have QoS turned on). Even after testing again and again, call quality didn't return to the same consistency.The good folks at ADTRAN found this strange. The support engineer had me run a packet trace using WireShark (formerly Ethereal) and in 15 minutes he pegged the issue with my test calls from the packet sniff as likely a codec issue on the carrier side. The problem was isolated on the inbound side coming from the carrier to our IP-PBX. Evidence in hand I called the carrier, but their reply the next day even after I forwarded the calls (packet trace--"the evidence") was they could find no issue in their network. No surprise. There's another issue besides getting this SIP carrier to provide service.

WireShark (a free application) is a great snooping tool that sniffs packets and provides an onboard playback of those IP/SIP voice calls that you captured. I heard the conversations from the packet trace and am able to take those telephone call recordings and do with them whatever I deem; and this opens up Pandora's box of legal issues. Using one test call from the trace; I used GoldWave to convert it to an audio file here. It also means IT/ITC must maintain personnel as "trusted" advisors and it goes without saying that knowing what employees view on the web is one thing but knowing what they talk about can cause untold damage. Sensitivity is key and the legal concerns with security over voice tampering; information mining and other devious activities are probably in for a lot of challenges and test cases.

Now to get a packet trace you only need a hub or a mirrored port in a switch, a laptop and WireShark. Imagine getting proprietary or personal information from the IP/SIP telephone calls and then having a field day with the information. It's not normally the way I think but after thinking about it, it seems that now we have virtual wiretaps and because I can and I know others that have; sniffing the public Internet is pretty easy. What kind of information is being mined from packet traces?

Voice encryption is good but normally it's only working between IP-PBXs or gateways, so any public IP/SIP call is best defined as "unsecure voice." Maybe the new telephone stickers for our phones should read "WARNING--your calls maybe subject to monitoring for quality control purposes but the calls themselves are UNSECURE." Employees and more importantly executives need to be aware of the inherent security risks. Breaking into your office hurts but perhaps not as much as what leaks out, causing irreparable damages to the enterprise.Imagine getting proprietary or personal information from the IP/SIP telephone calls and then having a field day with the information.



COMMENTS



February 17, 2016
Your customers' experience with your support organization and contact center has a huge impact on their impression of your brand, on their loyalty, and on how much they will spend with you through the...
February 3, 2016
Unified Communications as a Service (UCaaS) is becoming so widely accepted by businesses that the question is no longer if it's the right choice, but when you and your enterprise will be ready to make...
January 20, 2016
Four categories of cloud competitors are converging on UCaaS: incumbent Telecom manufacturers, IT giants, service integrators, and pure play cloud developers. Provider and technology choices are growi...