Eavesdropping on Internet Calls Is Easy
Researchers find potential encryption security problems
By Laila Weir,  Newser User
Posted Jun 17, 2008 7:00 PM CDT
ADTRAN's Voice Quality Monitoring Eases the Management of VoIP devices like the NetVanta 7100. (Photo: Business Wire)   (AP Photo)
camera-icon View 3 more images

(Newser) – Not only are most Internet phone calls not encrypted, but a bandwidth-saving technique could undermine encryption once it’s implemented. Researchers at Johns Hopkins found that a compression method called variable-bit-rate encoding makes it possible for eavesdroppers to identify given phrases in an encrypted VoIP call 50% of the time, reports Technology Review.

The research demonstrates that “you shouldn't feel safe just because you're using a security control,” said one VoIP-exploitation researcher not involved in the study. “You still have to validate it to ensure that it meets your requirements." Eavesdroppers would need to be listening for a particular phrase to crack the encryption, meaning the threat is more to business users than informal callers.