Not only are most Internet phone calls not encrypted, but a bandwidth-saving technique could undermine encryption once it’s implemented. Researchers at Johns Hopkins found that a compression method called variable-bit-rate encoding makes it possible for eavesdroppers to identify given phrases in an encrypted VoIP call 50% of the time, reports Technology Review.
The research demonstrates that “you shouldn't feel safe just because you're using a security control,” said one VoIP-exploitation researcher not involved in the study. “You still have to validate it to ensure that it meets your requirements." Eavesdroppers would need to be listening for a particular phrase to crack the encryption, meaning the threat is more to business users than informal callers.