Voice of VOIPSA

We were contacted today by Takehiro Takahashi, a graduate research student at the Georgia Institute of Technology, who has an intriguing new research project they called “Voice over VoIP”.  From their main web page:

Vo²IP is a proof of concept attack which demonstrates a new type of VoIP threats, the VoIP covert channel. With Vo²IP, you can establish a hidden conversation by embedding further compressed voice data into regular PCM-based voice traffic (i.e. G.711 codec). Therefore anyone who is wire-tapping your conversation will decode something completely different from the actual conversation - granted that he is not aware of the use of Vo²IP.

As I understand it, they basically take a G.729 audio stream and tuck that into a spare 8Kbps that can be found in a G.711 audio stream.  An eavesdropping attacker would hear only the overall G.711 audio while the Vo2IP clients on either end encoded/decoded the covert stream (more details here and here). In any event, Takehiro and his fellow researchers would be very interested in any feedback folks have on the project.  Source and binary code for Windows is available. Please email Takehiro with any feedback.

This entry was posted on Tuesday, July 3rd, 2007 at 7:28 pm and is filed under Security, VoIP Security, VoIP Security Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.