Saturday, June 14, 2008

Compressed Web Phone Calls Are Easy to Bug

Via newscientist.com -

Plans to compress internet (VoIP) phone calls so they use less bandwidth could make them vulnerable to eavesdropping. Most networks are currently safe, but many service providers are due to implement the flawed compression technology.

The new compression technique, called variable bitrate compression produces different size packets of data for different sounds.

That happens because the sampling rate is kept high for long complex sounds like "ow", but cut down for simple consonants like "c". This variable method saves on bandwidth, while maintaining sound quality.

VoIP streams are encrypted to prevent eavesdropping. However, a team from John Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy.
VoIP systems accessed via a computer like Skype have become popular in recent years, and internet-based phone systems are increasingly appearing in homes and offices too to connect conventional telephones.


Only a few services currently employ the vulnerable compression method, but more networks had hoped to include it in future VoIP upgrades, says Charles Wright, a member of the John Hopkins team. "We hope we have caught this threat before it becomes too serious."

No comments:

Post a Comment