VOIP over Wi-Fi subject to eavesdropping?

I can't speak to what is done outside the US, but it is virtually a guaranteed thing that International calls are screened for key word recognition here. If you say the right thing, a human *will* listen to it.

However, doing that for *all* calls is simply too large a project to even imagine. Hence I really doubt it is very common on domestic calls anywhere. (Which is not to say that it doesn't happen on some selectively small portion.)

(Which brings to mind an interesting conversation I had with a pilot that used to work here in Barrow between gigs flying 747's in the Middle East for various outfits including the Kingdom of Saudi Arabia. He asked me one day if his phone might be tapped! I laughed at him, and said considering the places he goes and the company he keeps, it probably was. Then I asked him why he thought it might be, and was he making any international calls. He said something like, "Well, my son calls his wife who is currently in Indonesia. She's from China." I just about rolled off my chair onto the floor! And I told him to be *damned* careful how they phrase what they say.... He then told me a few stories about doing things like flying charters with Yasir Arafat on board. It causes quite a stir when a request for landing instructions includes an announcement that security will be needed...)

Floyd L. Davidson

Well, it's a bit more difficult than it appears. One of the problems I previously hinted at is that in order to "wireless-tap" a VoIP conversation, it is necessary to hear both radios that are involved. Just listening to the access point only gives you half the conversation. The solution is to either position yourself in an ideal location, where both the AP and the client radio can be sniffed, or to use two sniffers. It's especially messy with point to point links, where there's often not enough RF at ground level to hear both sides from one location.

If such sniffing is done with a single laptop, the antenna probably needs to be an omnidirectional affair (to hear both sides). While a dish or panel might offer more gain to do this at a distance, the omni will require that the sniffer be located fairly close to the radios. However, for sniffing in a coffee shop, almost any antenna can be used.

Jeff Liebermann

Same problem. Let's say the access point can be heard from the street. But the 802.11 VoIP handset is wandering all over the house. There's no problem hearing the return side of the conversation coming from the access point, but picking up the handset will be difficult. As soon as Joe Sixpack puts a few walls between himself and the sniffing antenna, the signal will be lost or full of reflections. You get to sniff only one side of the conversation.

I know a sneaky way around this problem, but I don't wanna disclose any secrets.

Jeff Liebermann

In article , jnitron wrote:

:But, let's consider the qualifier, "all practical purposes".

:What is the risk? If the contents of Fort Knox were housed in an old dusty anonymous warehouse, which nobody knew about, then it would be 100% secure. Nobody would know about it so there would be no threat and no risk.

Nope. Kids have a hobby around here: they wander around and break into or set fire to old dusty buildings.

"dusty anonymous" warehouses are also subject to "traffic analysis": People enter and leave Fort Knox all the time, but people mostly leave anonymous warehouses alone.

:If Steve's telephone conversations are similarly "dusty" and "anonymous"... let's say boring, then likewise, they are practically secure because they will be of no interest to anyone, and even if somebody happened to overhear, the conversation would need to be of interest to the eavesdropper to even begin to carry the threat of any potential adverse consequence.

Right. And "Echelon" is merely an organizational unit.

The USA denies it, but there is fairly solid evidence in Europe (UK especially) and Australia, that there is widespread -automatic- sorting through domestic and international telephone conversations -- automatically checking *all* calls through major exchanges (not just calls from "suspects".) To the kind of people that set up such massive checking, encrypted calls *by definition* are "suspicious" and, if practical such calls should be broken and analyzed.

Walter Roberson

What about if that's Joe at home using a wireless VoIP phone to his home AP? No other radio (as in phone) involved, just off to some SIP proxy through his phone service provider.

David.

David Taylor

I'm sure all the law abiding citizens with government files of their activities will be gratified to know that the government will not use the information against them. I'm not the most law abiding citizen in the US. I do keep skeletons in my closet. I do have some secrets that I don't want anyone to know about. I also have a collection of commercial secrets that are not for general consumption. I have plenty to hide. Whether the evidence collecting is done by our beloved government, by our trusted business associates, or by professional informers, is not really important. It's why they find it necessary to do so that bothers me. Don't blame the victim.

Ignorance is the hallmark of someone about to get hacked. Someone who is informed of the mechanics of how privacy intrusions, wireless sniffing, general hacking, and wireless-tap recordings are done, is less likely to find themselves compromised than the ignorant. I'm not suggesting that paranoia should be some type of security measure, but awareness of exploits and techniques will often do more to prevent a security breach than all the automagic IDS systems.

Oh? Could I trouble you for your bank ID, social security numbers, birthdate, mother's maiden name, credit card numbers, collection of passwords, and name of your mistress? Surely you don't think these should be kept hidden.

Well, the line between privacy and security is a thin and shifting line. The recent example of where Google's president had his privacy allegedly violated using his own Google search tools is a good example of the moving line:

have successfully horrified customers by digging through various web sites for their past information. (It's also called "ego surfing"). Addresses and phone numbers are easy. Former employers can sometimes be found. Old email addresses are fairly easy. Birthdays are spotty but possible. Until recently, driver's license numbers, SSI numbers, and some medical records were possible. Whether someone is interested in this information really depends on what they have in mind to do with it. Identity theft comes to mind. Depending upon circumstances, the info itself can be quite damaging. For example, when I found a customer's birthday online, he was almost in a state of panic because he was lying to his employer about his age.

Drivel. The US and British were not exchanging decrypts or technology at that point in the war. While the British were well ahead of the US on German ciphers, the US had been working for years on Japanese JN-25 ciphers at "station Hypo" in what much later became Arlington Hall. The Midway decrypts came strictly from US codebreakers. See: "Battle of Wits" by Stephen Budiansky for details of the US efforts.

Did you ever wonder why it's not encrypted? You could easily have encrypted email and authenticated servers without much difficulty. There are RFC's describing the techniques in detail. The problem is that you lose anonymity in the process. It's impossible to encrypt and authenticate without pointing a finger directly at the source of any traffic. There is a large contingent of users that consider anonymity equivalent to privacy and don't want to lose that for fear of government or corporate reprisals. I consider this to be a real fear and the major stumbling block preventing universal encryption.

Reagan had quite a few better quotes:

you've ever listened in to an analog cellular conversation (before it was outlawed), you would wonder why anyone would even want to listen to that junk. 99.9% of everything I heard was garbage. Yet, when I yacked with a customer on the way to a server recovery, I stupidly announced the root password to their servers. For the next two weeks, someone was trying to break into their system using this root password (which I changed on arrival because it was time, not because I was paranoid).

The technology for doing that isn't here yet. I visualize a bad science fiction movie, where the victim wears a metal helmet full of wires, and where a rack full of hardware sucks the thoughts directly from his brain. Not this week, but maybe in the near future.

I am. It's called "crime-think".

Jeff Liebermann

At about the time of 8/6/2005 6:02 AM, Phil Thompson stated the following:

This was at a security conference. Plus, not all equipment can support WPA.

Daniel Rudy

In article , jnitron wrote:

:Paranoia is the hallmark of somebody who has something to hide and he believes others have reason to be concerned about. Fortunately most of us have nothing to hide. We are more concerned about finding out about what is hidden than trying to hide that which most people have no interest in knowing.

Sigh, the old "Only people with something to hide mind widespread surveillance" canard.

Do I have "something to hide" ? Yes and No: I publish my political opinions under another one of my identities so that my employers are free to ignore them. Does "Freedom of Opinion" exist? In theory, yes, but so too exists the freedom of people with power to decide to take a dislike to organizations which employ people who say things that someone doesn't want to hear.

:Maybe it's time that we turned our obsession with secretiveness into an obsession with openness. Perhaps disasters like 9/11 could not happen if we did so?

Do Death Squads stop existing when it is discovered who does the killing? No. Secrecy is only -one- of the themes in the songs of power.

A certain well-known country, a target of international terrorism, objected strenuously to the formation of the International Court of Justice, and the country's price for dropping the resistance was blanket immunity for its citizens before the court. Is that country conveying that it has something to hide that is of greater value to it than the protection gained by exposing terrorists in open courts?

Walter Roberson

My point exactly. If the caller is not the subject of attention, then security is irrelevant. Even the casual listener in a crowded barroom or sitting with a laptop in the corner of a fast food outlet will be no threat whatsoever - even if he finds the conversation to be "interesting".

Paranoia is the hallmark of somebody who has something to hide and he believes others have reason to be concerned about. Fortunately most of us have nothing to hide. We are more concerned about finding out about what is hidden than trying to hide that which most people have no interest in knowing. Maybe it's time that we turned our obsession with secretiveness into an obsession with openness. Perhaps disasters like 9/11 could not happen if we did so?

Yes. We agree that even if something can't be cracked in real time it can be cracked. The interception of wireless messages which happens at the physical layer and is equivalent to wire tapping CANNOT be stopped. What can be stopped is realtime listening to conversations by employing VOIPsec and other powerful encryption techniques. A SIP initiated call using IPSEC in a WPA environment works. Read

maybe you should read about the British achievements at Bletchley Park 60 years ago, which probably saved America's ass at Midway. Encoded wireless transmissions are not new and there will probably never be a way of making them 100% secure.

Remember that the vast majority of email sent across public networks, even outwith VPN's, is not encrypted. Our reliance on the spoken word is far less. (For example, President Reagan who said in a wireless broadcast ....... "My fellow Americans, I'm pleased to tell you today that I've signed legislation that will outlaw Russia forever. We begin bombing in five minutes.")

Remember that the question we are trying to answer was concerned with "practical" security, not the level of security that might be needed to prevent the interception of thought processes as if in a "Matrix" dreamworld.

Get real everybody!

jnitron

Every time someone lays that tripe out; I ask them a simple question:

Do you shit/have sex/etc in public? If you have nothing to hide...why not?

They usually start babbling about then...

David Lesher

:>My point exactly. If the caller is not the subject of attention, then security is irrelevant.

:I'm sure all the law abiding citizens with government files of their activities will be gratified to know that the government will not use the information against them.

Like the Denver Police "spy files" documented by the ACLU in Colorado...

:I have plenty to hide.

According to what I've read, most people do. Apparently there are so many laws in the USA and Canada, that people unknowingly average more than a dozen minor crimes per day, and a small number of what in the US would be known as "felonies" [Canada doesn't have that particular classification.]

See for example the following list of sexual "offences" in the USA [I don't know how accurate it is]:

e.g., in Minnesota it is illegal to sleep naked.

Walter Roberson

On Sun, 07 Aug 2005 18:39:38 -0700, Jeff Liebermann wrote:

Big brother is not yet completely concerned (I believe) about the trivial lives of the majority of its citizens, and what they discuss in their VOIP conversations. Skeletons in your cupboard?...sure, then don't discuss them on the phone. Would Reagan have said what he did if he knew that the microphone was switched on?

I would postulate that there are 2 doors most likely to be of interest to the intruder. Both the open door and the heavily secured door beckon infiltration. Ignorance may leave the door open while the Paranoid will go for the latter. Awareness will encourage the use of a sensible and practical level of security. Exactly half of us have doors which are less secure than the average - I'm sure that it'd be interesting to know if the majority of intrusions take place against better or less well secured premises, or more importantly, from which half of the spectrum is most value taken?

So why would you discuss them in a VOIP call? Remember security has 2 key purposes - to keep out, and to keep in. Why worry about keeping out when it is simpler and much more secure to keep in?

You will see in the following link and in other places that US / British cooperation existed prior to the US entry into WWII. Also, and contrary to the film, the British (not the Americans) captured a 4 rotor Enigma machine from the submarine U110

Here's a good article about Enigma, if you're interested.

'll note that the British designs for their code breaking equipment (bombes) were made available after a US Navy visit to Bletchley Park in July 1942. JN25 was reportedly broken before Pearl Harbor by the British at Singapore where John Tiltman worked. Tiltman, who was born in London on May 24, 1894, later worked at Bletchley Park. The Americans did "break" JN25 but not until many months later.

that Bletchley Park operations were kept secret up to 1989 I doubt if the full level of collaborative effort has ever been fully published. I would guess that John Tiltman's achievements were shared by the Allies - and this should cast some reasonable doubt about who was first. Like the majority of VOIP conversations - it really does not matter anyway. If there is any relevance in what I am speaking about it is this: that if JN25 was understood at the time of Pearl Harbor and at Midway - the outcome of each occasion was not affected by whether or not Japanese messages were encrypted, but by whether or not they were sent (and intercepted) in the first place. There is only one way to keep secrets and that is not to tell them, as demonstrated by the documented Japanese radio silence prior to Pearl Harbour. Apologies for getting (slightly) off topic on this.

I don't agree... it's not encrypted because it mostly does not need to be encrypted. Pre Shared Keys for example, make it possible to have a message encrypted without the recipient (or anybody else) knowing where the message originated. If you're fast enough you might just get there in time to know who the recipient is. SMTP mail headers are easily forged and anonymity is practically assured. If that is your argument against email encryption - why bother to encrypt VOIP when the only real identifier and prevention of anonymity is possibly voice recognition (or sitting next to the people having the VOIP conversation)?

Again, it is clear that your conversation would have not needed to be secured apart from the fact that you decided to inappropriately disclose a secret. Tell me...if your conversation had been encrypted would you still have felt the need to change the password? If you would - what would the point have been in the encryption? If you wouldn't - would you have relied on the encryption to keep your secret, or, would it have been better not to have told the password in the first place? Or was it just luck that the timing of the password change coincided with your disclosure?

How many times do we return to find that we'd forgotten to lock the car (but nothing thankfully is missing)? Would the car have been more secure if we'd locked it? If yes, then only because of the probability of an intrusion and not because of something evidenced by facts.

You'll know the story about the person who was fed up of having his car broken into - so he left a note on the dash saying "nothing valuable inside". When he returned to the car he found it broken into with a note beside his, which read, "just checking".

So... why did you reveal the root password? Crime-think is not built into VOIP phones and probably shouldn't need to be. The Eskimo story earlier in this thread sums it up. While we should (and do) acknowledge human imperfections, the answer is not in phone technology, but in how we use it.

jnitron

There are some serious loopholes in your "simple" rhetorical question.

The first is that we are considering information here. There is a difference between telling the public that you have sex or that you defaecate, and actually demonstrating that functionality in a public place.

Second, paranoia is being used to describe somebody who (ignoring the psychiatric definitions) in this instance is obsessed with hiding information because he believes the information is more important than it actually is. It seems that you are trying to describe somebody who has nothing to hide, should be an exhibitionist, and is clearly exactly the opposite. Reactions to having feelings of "something to hide" and "having nothing to hide" can certainly cause extreme behaviour. Walking around with an M16 and "taking everybody out" who glances at you, while you use your VOIP mobile might be a little more extreme than deciding to have sex or defaecate in public - but both are at the ends of the same spectrum (and both, fortunately, are frowned upon by the law). If you can't tell why not?, then perhaps you should seek some professional help.

Lastly, if you want to discuss sex and defaecation in a VOIP conversation then that is up to you. I'm certain that you will not need any encryption whatsoever to discourage others from listening to you, but if they did, I don't suppose it would matter a sh*t etc.

I think you mentioned tripe somewhere....

jnitron

:>>Paranoia is the hallmark of somebody who has something to hide and he believes others have reason to be concerned about.

:Second, paranoia is being used to describe somebody who (ignoring the psychiatric definitions) in this instance is obsessed with hiding information because he believes the information is more important than it actually is.

Circular reasoning. When you were challenged on your statement by people who were understanding it in terms of the usual definition of "paranoia", you redefined "paranoia" to describe the symptoms which earlier you said were a "hallmark" of some people.

It's like saying, "Ferdnitz is the hallmark of people who frobitz", and then "Ferdnitz is being used to describe people who obsessively frobitz". How can you possibly be wrong, when you've redefined the terms so that you are right by definition?

Walter Roberson

You have inside knowledge of what Big Brother is interested in collecting? Do you work for Big Brother?

Somehow, I thought that I had an expectation of privacy when talking on the phone. I guess not. I'll appoint you official censor to decide what I can safely discuss over the telephone.

OK, let's take them one at a time:

Bank ID: When someone rips off my credit card number and the bank phones me to verify the purchase.
SSI number: Used to verify my identity when talking to my bank.
Birthdate: Used to verify various accounts (bank, cheque, credit).
Mother's maiden name: Also used to verify identity.
Password collection: Walking my customers through an email or account setup.
Name of Mistress: Never mind.

Are these sufficient reasons to mention these over the phone?

Thanks. I didn't know that the British had preceded the Americans in cracking JN-25. The book I previously noted did not include any mention of British contributions to cracking JN-25.

That's not very practical for running a world wide military operation. It might be possible to maintain radio or telephone silence for a short period of time, for a single operation (Battle of the Bulge), but to maintain any coordination with distant operations requires radio and telephone communications. Similarly, if I want to do business these days, I have to use unencrypted email and unsecured telephones. Using sealed letters might be an alternative, but would be very slow.

Who are you to judge what does and does not require encryption? If a link is deemed to be secure, then EVERYTHING going across that link should be encrypted. Most of the traffic probably doesn't need to be encrypted, but once the capabilities are present, encryption becomes part of the definition of security and is therefore required for all communications along that link.

True. PGP also has an anonymous encryption feature. However, the limitations of pre-shared keys are well known. The RFC's I mentioned include authentication methods that are traceable back to the originator. This is generally required to prevent spoofing. We could create an encryption system without authentication, but if you also want to prevent spoofing, identity theft, spam, and counterfeit servers, authentication is required.

I'm a fan of X.509 certificates and authentication. I want to know that the other end of the conversation is my intended recipient, and not a simulation generated by a computah. When I used to work at a radio station, I did a fair job of impersonating various personalities by engaging in a conversation using recorded sound clips.

Again, who are you to decide which of my conversations need securing and which may be safely sent in the clear? Wouldn't it be better and safer to encrypt everything rather than risk inadvertently blabbering something inappropriate or confidential?

Oh yes. I needed to remind the customer of the root password over the phone because we needed to get the server up and running as quickly as possible. Delays meant lost dollars. However, I made it a point of changing the major passwords on such systems about every 3 months. It was overdue and I thought this would be a good time. Had I changed it previously during the regularly scheduled cycle, I would probably *NOT* have changed it on arrival, and ended up getting hacked. I guess I had good karma or something.

Had I known and trusted the encryption, I probably would have felt a bit better about disclosing the password. However, knowing that most cellular systems with encryption (i.e. CDMA) also have automated wiretap facilities at the switch, methinks I would tend to treat the circuit as unprotected.

I don't. The only encryption I trust is end to end. Cellular encryption is NOT end to end.

You mean like relying on WEP128 wireless encryption when it's known to be crackable by commonly available tools? That's a judgment call based on the technology used. I'm familiar with CDMA encryption (CAVE) and know some tricky ways it can be theoretically cracked. It's also not encrypted between the cellular switch and the PSTN. I don't have a simple answer for all types of voice/data links and encryption methods. My general rule is lousy encryption is better than none because it eliminates a large number of lazy and marginal hackers from the playing field.

Pure luck that I changed it on arrival. Sorry, it's not a perfect example of the dangers of unencrypted voice traffic, but it's close enough.

We can play this one by the odds if you want. Chances are very small that an individual VoIP conversation will get hacked. The chances are sufficiently small that risking an un-encrypted conversation might be an acceptable risk. However, it's not the odds, but the risks. Is the risk of hacking worth the cost and overhead of encryption? Again, it depends on the traffic and hardware.

To expedite a crash recovery while I drove like a maniac to the customer's server farm.

A very poor answer methinks. By limiting my ability to exchange secrets and confidential information via a medium that could be private and secure, you've limited the usability of that medium. Whether this is a fair tradeoff depends on the costs of encryption and the effects on usability.

Jeff Liebermann

