[VOIPSEC] article on vulnerability of compressed audio
dirkbjr at mac.com
Mon Jun 23 21:52:06 BST 2008
I saw a couple of article references to the following. Was curious to see
what the impression of the voipsec community was regarding this.
Subject: Compressed web phone calls are easy to bug (fwd)
Compressed web phone calls are easy to bug
Plans to compress internet (VoIP) phone calls so they use less
make them vulnerable to eavesdropping. Most networks are currently
many service providers are due to implement the flawed compression
The new compression technique, called variable bitrate compression
different size packets of data for different sounds.
That happens because the sampling rate is kept high for long complex
like "ow", but cut down for simple consonants like "c". This variable
saves on bandwidth, while maintaining sound quality.
VoIP streams are encrypted to prevent eavesdropping. However, a team
Hopkins University in Baltimore, Maryland, US, has shown that simply
the size of packets without decoding them can identify whole words and
with a high rate of accuracy.
VoIP systems accessed via a computer like Skype have become popular in
years, and internet-based phone systems are increasingly appearing in
offices too to connect conventional telephones.
Matching packets
Only a few services currently employ the vulnerable compression
more networks had hoped to include it in future VoIP upgrades, says
Wright, a member of the Johns Hopkins team. "We hope we have caught
before it becomes too serious."
Eavesdropping software the team has developed cannot yet decode an
conversation, but it can search for chosen phrases within the
This could still allow a criminal to find important financial
conveyed in the call, says Fabian Monrose, another team member.
The software breaks down a typed phrase to be listened for into its
sounds using a phonetic dictionary. A version of the phrase is then
together from audio clips of phonemes taken from a library of example
conversations, before finally being made into a stream of VoIP-style
That gives an idea of what the phrase would look like in a real VoIP
When a close match is found in a real call, the software alerts the
eavesdropper.
Jargon catcher
In tests on example conversations, the software correctly identified
with an average accuracy of about 50%. But that jumped to 90% for
Wright thinks these phrases may be the most important. "I think the
much more of a threat to calls with some sort of professional jargon
have lots of big words that string together to make long, relatively
predictable phrases," he says. "Informal conversational speech would
because it's so much more random."
Philip Zimmermann, the founder of the Zfone VoIP security project,
compression schemes lesson no longer seem like a good idea.
"I'd suggest looking for other alternatives," he says. Networks could
problem by padding out the data packets to an equal length, he adds,
this would reduce the extent of the compression.
A paper on the Johns Hopkins team's work was presented at the 2008 IEEE
Symposium on Security and Privacy, in Oakland, California, US, last
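
The padding trade-off raised at the end of the forwarded article, as an added example that is not part of the original post, the article or the Johns Hopkins paper: it compares what a passive observer sees with no padding, bucketed padding and equal-length padding, and what each costs in bandwidth. The codec frame sizes, sound classes and the two phrases are constructed for illustration, and encryption is assumed to preserve payload length.

```python
from collections import Counter
from math import log2

# Constructed frame sizes in bytes for a hypothetical VBR codec (assumption):
# complex vowels get large frames, simple consonants and silence small ones.
FRAME_BYTES = {"vowel": 46, "consonant": 20, "silence": 6}

# Constructed sound-class sequences standing in for two different phrases.
PHRASE_A = ["consonant", "vowel", "vowel", "consonant", "silence", "vowel"]
PHRASE_B = ["vowel", "consonant", "silence", "consonant", "vowel", "vowel"]


def observed_sizes(sounds, block=1):
    """Packet sizes visible on the wire, assuming length-preserving encryption.

    Each frame is padded up to the next multiple of `block` bytes; block=1
    means no padding, block=max frame size makes every packet equal length.
    """
    return [-(-FRAME_BYTES[s] // block) * block for s in sounds]


def size_entropy(sizes):
    """Shannon entropy in bits per packet of the observed size distribution."""
    total = len(sizes)
    return sum(c / total * log2(total / c) for c in Counter(sizes).values())


def overhead(sounds, block):
    """Fraction of extra bytes sent because of padding."""
    raw = sum(FRAME_BYTES[s] for s in sounds)
    return sum(observed_sizes(sounds, block)) / raw - 1


def compare(block):
    """Return (phrases distinguishable?, bits/packet, overhead) for one policy."""
    a, b = observed_sizes(PHRASE_A, block), observed_sizes(PHRASE_B, block)
    return a != b, size_entropy(a), overhead(PHRASE_A, block)


if __name__ == "__main__":
    for block in (1, 24, max(FRAME_BYTES.values())):
        distinct, bits, extra = compare(block)
        print(f"block={block:2d} distinguishable={distinct} "
              f"entropy={bits:.2f} bits/pkt overhead={extra:.0%}")
```

With these constructed sizes, 24-byte buckets still leave the two phrases with different size sequences; only equal-length padding removes the signal, and it does so at a 50% bandwidth cost.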