Listen in on encrypted VoIP without decrypting it

Researchers at Johns Hopkins have demonstrated an attack against some encrypted Voice-over-IP traffic that uses the size of encrypted packets to make highly accurate guesses at whole words and phrases:

That happens because the sampling rate is kept high for long complex sounds like "ow", but cut down for simple consonants like "c". This variable method saves on bandwidth, while maintaining sound quality.

VoIP streams are encrypted to prevent eavesdropping. However, a team from Johns Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy...

A few services currently employ the vulnerable compression method, but more networks had hoped to include it in future VoIP upgrades, says Charles Wright, a member of the Johns Hopkins team. "We hope we have caught this threat before it becomes too serious."

Eavesdropping software the team has developed cannot yet decode an entire conversation, but it can search for chosen phrases within the encrypted data. This could still allow a criminal to find important financial information conveyed in the call, says Fabian Monrose, another team member.

Link (via Schneier)
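To see why the packet sizes matter, here is an added example (not from the article or the researchers) that checks how much of a variable-bit-rate stream's shape survives encryption, and how padding every payload to one fixed size removes it. The frame sizes, per-packet overhead and sound sequences are constructed assumptions, not output from a real codec.

```python
from collections import Counter
from math import log2

# Assumption: constructed frame sizes in bytes. A variable-bit-rate codec
# spends more bytes on complex vowel-like sounds than on simple consonants.
FRAME_BYTES = {"vowel": 46, "nasal": 28, "fricative": 20, "stop": 10, "silence": 6}
OVERHEAD = 22  # assumed constant header + authentication tag per packet

# Constructed sound sequences standing in for two different spoken phrases.
PHRASE_A = ["stop", "vowel", "nasal", "silence", "fricative", "vowel"]
PHRASE_B = ["fricative", "vowel", "stop", "silence", "nasal", "vowel"]

def wire_lengths(frames, pad_to=None):
    """Packet lengths visible on the wire for a sequence of sound classes.

    Length-preserving encryption hides the payload bytes but not their count.
    With pad_to set, each payload is padded up to the next multiple of pad_to
    before it is encrypted.
    """
    lengths = []
    for sound in frames:
        size = FRAME_BYTES[sound]
        if pad_to:
            size = -(-size // pad_to) * pad_to  # round up to a multiple
        lengths.append(size + OVERHEAD)
    return lengths

def length_entropy(lengths):
    """Shannon entropy, in bits per packet, of the observed packet lengths."""
    counts = Counter(lengths)
    total = len(lengths)
    return -sum(c / total * log2(c / total) for c in counts.values())

def distinguishable(a, b, pad_to=None):
    """True if two phrases yield different length sequences on the wire."""
    return wire_lengths(a, pad_to) != wire_lengths(b, pad_to)

if __name__ == "__main__":
    for pad in (None, 16, max(FRAME_BYTES.values())):
        print(f"pad_to={pad}: lengths={wire_lengths(PHRASE_A, pad)} "
              f"entropy={length_entropy(wire_lengths(PHRASE_A, pad)):.2f} bits "
              f"distinguishable={distinguishable(PHRASE_A, PHRASE_B, pad)}")
```

Padding to 16-byte blocks lowers the entropy but the two phrases still look different; only padding to the largest frame size makes every packet identical in length, at the cost of the bandwidth savings the variable rate was meant to provide.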

Discussion

Fabian Monrose. Now that is an awesome soap opera name.

#2 posted by snouty , June 20, 2008 4:29 AM

So let me get this right, you could have the Feds bang your door down and arrest you based on a conversation they didn't hear very clearly?

On the plus side, this very similar attack (link below) has proven very useful indeed in some cases. [evil grin]

http://cryptome.org/cia-decrypt.htm

#4 posted by RevEng , June 20, 2008 8:30 AM

@#3: Are you kidding me? You could have the Feds bang down your door and arrest you based on a conversation they didn't hear at all. With legislation like the PATRIOT act, all they need is suspicion, and to many people, encryption looks suspicious. In fact, just knowing that the IP on the other end of your VoIP conversation was to some place in Iraq is probably enough to get you hauled off to Gitmo.
