VoIP wiretapping: Myth versus reality

It's time to debunk some VoIP security myths.

Government agencies, health care organizations and, for that matter, any business that might exchange sensitive information over a phone line is technically a prime candidate for wiretapping. This is because hackers can hypothetically glean personally identifiable information, state secrets and other private information by simply listening in to a phone call. 

In this blog, we'll debunk some of the myths associated with wiretapping as it pertains to internet telephony, and outline the reality of VoIP security. 

Myth: VoIP is less secure than POTS because it's internet-based 

People have a tendency to assume that internet services are inherently less secure since technically, anything that's online can be hacked.

"When it comes to VoIP, this couldn't be further from the truth."

But when it comes to VoIP, this couldn't be further from the truth. According to TechTarget contributor Steven Taylor, plain old telephone service (POTS) lines can be tapped using equipment that can be purchased at a local hardware store and directions that can be found on the web. That is to say that POTS is in no way secure to begin with. In fact, there is a complete and thorough explanation of how the average Joe can easily tap a phone line available on HowStuffWorks. 

"The circuit carrying your conversation runs out of your home, through your neighborhood and through several switching stations between you and the phone on the other end," contributor Tom Harris wrote. "At any point along this path, somebody can add a new load to the circuit board, in the same way you can plug a new appliance into an extension cord."

It's safe to say that VoIP is hands-down more secure than POTS. 

The odds of successfully listening in on a VoIP call are slim to none. The odds of successfully listening in on a VoIP call are slim to none.

Reality: VoIP is extremely difficult to intercept

Intercepting VoIP on the other hand – which is called "packet sniffing" – is much more difficult. According to Taylor, a hacker needs to gain "physical access" to the packets in order to "sniff" them. This requires direct access to the corporate network, and as pointed out by Taylor, if an unauthorized user has access to your network, you have bigger problems than packet sniffing on your hands. If a hacker hypothetically did gain access, Taylor noted that these packets are "buried deep inside a sophisticated protocol stack" that would require multiple layers of decoding. 

Add in the fact that secure VoIP uses Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP), and the task immediately becomes exponentially more trying for a hacker. TLS ensures a secure connection, and SRTP encrypts audio packets that are sent over the IP network. Even if the connection between a server and web browser were somehow compromised, a hacker would then have to decrypt the individual packets. 

So, in conclusion, secure VoIP is a fortress. For government agencies and other organizations in need of secure telephony solutions, VoIP is calling.