Compressed VoIP Calls Vulnerable To Bugging

← Back to Stories (view on slashdot.org)

Compressed VoIP Calls Vulnerable To Bugging

Posted by kdawson on Friday June 13, 2008 @04:20AM from the say-that-again-slowly dept.

holy_calamity writes "Security researchers at Johns Hopkins report that a variable bit-rate compression scheme being rolled out on VoIP systems leaves encrypted calls vulnerable to bugging. Simpler syllables are squeezed into smaller data packets, with more complex ones taking up more space; the researchers built software that uses this to spot phrases of interest in encrypted calls simply by measuring packet size."

19 of 140 comments (clear)

Min score:

Reason:

Sort:

Re:Do what my grandparents do by smitty97 · 2008-06-13 04:26 · Score: 5, Funny

That or you could just learn Russian... I don't think they *have* any simple-syllable words in Russian :-) In Soviet Russia, VoIP bugs you!

--
mod me funny
Evasive, ummm, technology by martyb · 2008-06-13 04:30 · Score: 4, Funny

FTFA
In tests on example conversations, the software correctly identified phrases with an average accuracy of about 50%. But that jumped to 90% for longer, more complicated words. Wright thinks these phrases may be the most important. "I think the attack is much more of a threat to calls with some sort of professional jargon where you have lots of big words that string together to make long, relatively predictable phrases," he says. "Informal conversational speech would be tougher because it's so much more random."

So, ummm, what we should do to, umm, well, protect ourselves from, ummm, yaknow, eavesdroppers, heh-heh, is well, make sure there's enough, ummmmmmm, yaknow, like extra noise, like, mixed in, dude.
1. Re:Evasive, ummm, technology by gstoddart · 2008-06-13 05:18 · Score: 4, Funny
  
  So, ummm, what we should do to, umm, well, protect ourselves from, ummm, yaknow, eavesdroppers, heh-heh, is well, make sure there's enough, ummmmmmm, yaknow, like extra noise, like, mixed in, dude.
  
  Oh my god, thats like, totally, like, a great idea, yaknow. I mean, like, they'll never figure out what we're, like, saying, yaknow?
  
  Oryoucouldspeakreallyfastwithoutpausesbetweenwords. Thatwaythey'llneverknowwhatyousaid =)
  
  Or. We. Could. All. Speak. Like. Shatner. Random. Long. Pauses. Genius.
  
  Cheers
  
  --
  Lost at C:>. Found at C.
2. Re:Evasive, ummm, technology by Anonymous Coward · 2008-06-13 06:23 · Score: 2, Funny
  
  Or. We. Could. All. Speak.
  Like. Shatner. Random. Long.
  Pauses. Genius.
  
  You're missing one syllable in the middle line...
Here's a thought by mhall119 · 2008-06-13 04:34 · Score: 1, Funny

Encrypt the data first, then compress it.

--
http://www.mhall119.com
1. Re:Here's a thought by Anonymous Coward · 2008-06-13 04:43 · Score: 1, Funny
  
  I just threw something together in Python that will compress encrypted data at a near 1:1 ratio.
2. Re:Here's a thought by oodaloop · 2008-06-13 05:06 · Score: 3, Funny
  
  Voice data just CAN'T be securely encrypted. Really? I have a Top Secret phone on my desk, and I can assure you it's pretty secure. (And no, it's not a shoe.)
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
3. Re:Here's a thought by gstoddart · 2008-06-13 05:21 · Score: 2, Funny
  
  In case you can't figure it out: good encryption makes data look completely random. Do you know of any algorithms which compress PURELY RANDOM data? I sure as hell don't.
  
  Sure, drop every other byte. It'll be half as big. ;-)
  
  Cheers
  
  --
  Lost at C:>. Found at C.
Re:Easy Solution: by Daimanta · 2008-06-13 04:44 · Score: 4, Funny

""Music in the background" is not a security solution. In fact, that's a freaking joke."

Yes, but a joke you can dance on.

--
Knowledge is power. Knowledge shared is power lost.
Re:Do what my grandparents do by markana · 2008-06-13 04:47 · Score: 4, Funny

>That or you could just learn Russian... I don't think they *have* any simple-syllable words in Russian :-)

Da!
Re:Do what my grandparents do by mlwmohawk · 2008-06-13 04:48 · Score: 3, Funny

Just speak arabic!! We already know the FBI and CIA don't have enough translators.
Re:Do what my grandparents do by hummassa · 2008-06-13 04:55 · Score: 3, Funny

That or you could just learn Russian... Which would give you an advantage, if you ever have to pilot a bleeding-edge mind-controlled Russian jet fighter.

--
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Re:Easy Solution: by martin_henry · 2008-06-13 05:12 · Score: 3, Funny

Awesome....a VOIP dance party.

--
www.purevolume.com/martyd
Re:Do what my grandparents do by Anonymous Coward · 2008-06-13 05:28 · Score: 1, Funny

Da!
solution by obfuscation... heh. by Anonymous Coward · 2008-06-13 05:29 · Score: 1, Funny

Merely utilize the stupendous wealth of complex language alternatives located in the voluminous expanse of your thesaurus to inflate your unimportant topics of conversation to prodigious lengths, and leave the vital ones to sound so simple they don't pay them any notice!

Anyway, what's the use of this? "Oh wow, they must be talking about something interesting. Now if I only knew what they were saying..." The simple fact that the communication is being encrypted would allude to that.
Re:Easy Solution: by gstoddart · 2008-06-13 05:31 · Score: 2, Funny

Easy Solution. Music in the background.

Oh, sure, give the RIAA reason to get involved in encrypted phone calls.

They'll try to make sure you're not using unlicensed music to mask your conversations. We'll be seeing John Doe subpoenas to get access to what music you were playing. :-P

I'm only half joking.

Cheers

--
Lost at C:>. Found at C.
ode-cay by fahrbot-bot · 2008-06-13 05:37 · Score: 3, Funny

Ust-jay eak-spay in ode-cay.

--
It must have been something you assimilated. . . .
Re:Do what my grandparents do by Samizdata · 2008-06-13 07:20 · Score: 2, Funny

I worked for a set of commodity trader brothers back in the 80's. One of them, who worked as their corporate attorney, was in a Club Fed for tax issues.

I saw more than one threat from the Bureau of Prisions warning them to stop using Latvian (their native tongue) during phone calls to the incarcerated.

--
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
Re:This is compressed, encrypted VOIP by 6Yankee · 2008-06-13 10:17 · Score: 2, Funny

the buggers in government

Oooh. Well played, Sir, well played.