Slashdot Mirror

← Back to Stories (view on slashdot.org)

Compressed VoIP Calls Vulnerable To Bugging

Posted by kdawson on Friday June 13, 2008 @04:20AM from the say-that-again-slowly dept.

holy_calamity writes "Security researchers at Johns Hopkins report that a variable bit-rate compression scheme being rolled out on VoIP systems leaves encrypted calls vulnerable to bugging. Simpler syllables are squeezed into smaller data packets, with more complex ones taking up more space; the researchers built software that uses this to spot phrases of interest in encrypted calls simply by measuring packet size."

2 of 140 comments (clear)

Min score:

Reason:

Sort:

Re:Do what my grandparents do by smitty97 · 2008-06-13 04:26 · Score: 5, Funny

That or you could just learn Russian... I don't think they *have* any simple-syllable words in Russian :-) In Soviet Russia, VoIP bugs you!

--
mod me funny
Re:Easy Solution: by Anonymous Coward · 2008-06-13 04:26 · Score: 5, Insightful

Better solution: Fix the stupid, broken protocol.

For instance, the concept of RSA blinding had to be invented because people discovered that certain bits of the SSL private key can be determined simply by measuring the time it takes to encode messages. This was due to some implementation details inside SSLeay where it switched from one multiplication algorithm to a different one depending on the size of certain numbers in the algorithm.

OAEP had to be invented for similar reasons

"Music in the background" is not a security solution. In fact, that's a freaking joke.