VoIP Security

An anonymous reader writes "Whitedust are running an interesting article on the security aspects of VoIP. From the article: "The fact that VoIP operates across standard networks makes it vulnerable to all manner of IP hacking - including man in the middle attacks,sniffing, session hijacking, etc." Considering it's recent growth, how secure is VoIP?" PCM2 sent us a wired bit about Phil Zimmerman of PGP working on a privacy system for Voice over IP calling

Re:Man in the middle.

[Shakrai]

Unless you were targeting one specific person, the above will work fine

My whole point was that it's much harder to target one specific person with POTS then it is with VoIP. What's easier? Finding my pair or capturing packets from/bound for my IP address?

The article was dealing with security, and the security for both is the same. You would have to do the same for VoIP as you do for POTS if you want security. Harden the conduit, and encrypt and decrypt the message at the TX side and RX side.

And you still have the problem of the person at the other end who is on his speaker phone while the cubemate next door listens. Ultimately the only end of the line you know is secure is your end (POTS or VoIP) and this is all for highly paranoid people anyway.

As much as I am arguing against VoIP (and cell phones) security is not the reason why. I worry about more reliability and quality of service -- both of which seem to be lacking at this time.