Topic: Voice data encryption (Read 2747 times)

Edinburgh_lad · « **on:** December 03, 2023, 11:48:01 AM »

Greetings!

My router reports that the signal for digital phone is not encrypted via UDP and that Encrypted RTP Voice Data is not used. The number is with A&A.

I'd think that it'd be encrypted. I've checked the settings on the router and there isn't an option to enable TLS or something for that. I've checked the config page for A&A number management and I can't see any options related to encryption either.

Is that standard not to have the signal encrypted when using digital voice? Probably since when using, say, a landline phone then tehy don't have the capability to encrypt, but since calls are made over the Internet, I thought this would be the case?

Thanks.

Alex Atkin UK · « **Reply #1 on:** December 03, 2023, 01:24:10 PM »

https://uk.pcmag.com/news-analysis/118690/whats-voips-big-security-problem-sip

aesmith · « **Reply #2 on:** December 05, 2023, 08:52:46 AM »

I've put in or worked on loads of SIP trunks for businesses, none were encrypted on the business to ITSP leg,even where thats carried over the Internet. That suggests to me that it's not seen as a big deal. The only encrypted link I've done was local gateway into Webex Calling.

Alex Atkin UK · « **Reply #3 on:** December 05, 2023, 02:27:30 PM »

I guess traditionally telephone calls have never been considered secure, its just potentially a whole lot easier to tap SIP traffic than a hard line.

Although given you'd have to be the right spot in the network and collect a whole lot of data and sniff out just the right packets, maybe not.

Opening up the local cabinet to your target and finding the right pair seems easy in comparison.

tonygibbs16 · « **Reply #4 on:** December 05, 2023, 03:49:08 PM »

Hi all,

The PSTN at least with BT is protected by employees having to sign part 1 of the Official Secrets Act, to say that they won't listen in. I had to sign it on my first day of employment.

VoIP can be vulnerable without encryption because computers looking for calls don't get bored, and so can run 24/7 looking for something interesting.

Yes, with separate pairs of wires and circuit switching, it takes more effort to find particular conversations so not everyone did it it (except MI5 - think Peter Wright and his Spycatcher book https://en.wikipedia.org/wiki/Spycatcher ).

Nowadays, it can be easier.

Cheers,
Tony

aesmith · « **Reply #5 on:** December 05, 2023, 03:54:14 PM »

Quote from: Alex Atkin UK on December 05, 2023, 02:27:30 PM

Although given you'd have to be the right spot in the network and collect a whole lot of data and sniff out just the right packets, maybe not.

Opening up the local cabinet to your target and finding the right pair seems easy in comparison.

You certainly need to capture a huge amount. Wireshark will do the filtering on captured data, and even play back the audio. We've occasionally had to do that for voice quality issues, to see if the customer is receiving poor quality and confirm it's not being messed up within the customer's network.

News:

Author Topic: Voice data encryption (Read 2747 times)

Edinburgh_lad

Voice data encryption

Alex Atkin UK

Re: Voice data encryption

aesmith

Re: Voice data encryption

Alex Atkin UK

Re: Voice data encryption

tonygibbs16

Re: Voice data encryption

aesmith

Re: Voice data encryption