VoIP Vulnerabilities, a white paper issued by McAfee Labs, found almost 60 vulnerabilities in voice over internet products, compared to just under 20 vulnerabilities in 2006.
"We can credit part of this increase to better tools for finding VoIP vulnerabilities, yet this upward trend should be largely attributed to the growing number of VoIP installations", the white paper said...
Eavesdropping on VoIP conversations is possible when the default implementation of the Real Time Protocol (RTP) used to carry VoIP traffic is not encrypted, for example. Tools such as VOMIT have been published to dump unencrypted traffic between phones and turn it into playable sound. (more)
Advice from McAffee on eavesdropping attacks... For a superior solution, you should use secure RTP (SRTP), which provides both encryption and authentication. (more)
"We can credit part of this increase to better tools for finding VoIP vulnerabilities, yet this upward trend should be largely attributed to the growing number of VoIP installations", the white paper said...
Eavesdropping on VoIP conversations is possible when the default implementation of the Real Time Protocol (RTP) used to carry VoIP traffic is not encrypted, for example. Tools such as VOMIT have been published to dump unencrypted traffic between phones and turn it into playable sound. (more)
Advice from McAffee on eavesdropping attacks... For a superior solution, you should use secure RTP (SRTP), which provides both encryption and authentication. (more)
