Who’s Listening to Your Phone
Calls?
reprinted with
permission from the HP Small Business Center
Simple to use and cost effective, VoIP (Voice over IP)
solutions have taken the communications world by storm. But with
this increase in popularity come serious security issues.
The problem with VoIP
calls is the very thing that makes them so popular: they travel over
the Internet. Because of this simplicity, VoIP calls can be
intercepted at two points: the call setup and the call data flow.
Tapping into the call setup provides the intruder with information
on who called a particular number, and if they listen, what was said
on that call. All that's needed to hack into a call is a
packet-sniffing program that can be easily downloaded from the
Internet and a tiny piece of hardware that taps into a physical wire
undetected.
So just who might be
spying on you? Anybody from business competitors, employees, your
boss, your spouse, organized crime, the government, and
nosy-tech-snoops can all listen to outgoing and incoming VoIP calls.
If your paranoia is now
shooting off the charts, here’s the good news: there are lots of
ways to secure VoIP calls at both the network and the individual
user level.
Security at the
network level
First of all, both business and individual
users should look for equipment that incorporates Wireless security
standards such as Wi-Fi Protected Access (WPA), WPA2 and IEEE
802.11i. Make sure your network devices utilize at least one of
these technologies.
Security installed on
network routers and gateways can protect VoIP-call confidentiality
by encrypting both the call setup and the audio stream itself.
Businesses and individuals subscribing to a hosted VoIP service like
Skype can take advantage of the encryption that is incorporated into
the software.
Businesses using a VPN
(virtual private network) can utilize the technology's built-in
encryption for gateway-to-gateway VoIP-call protection. This
security is automatically supplied to all VoIP users – even
traveling employees connecting to the VPN from a laptop. Internal
VoIP security can be further enhanced by running the technology on
the company network, allowing the infrastructure's usual safeguards
to keep calls safe from snooping.
Finally, a
well-configured firewall will block hackers trying to enter a
company’s VoIP system through a wireless device.
Security at the user
level
Various IP-based features allow users to isolate
themselves from unwanted callers and to protect their
identity.
- Anonymous call
rejection allows users to reject incoming calls from people who
have blocked their phone number and name, thereby screening out
telemarketers and anyone trying to hide their identity.
- Outbound-caller ID
blocking allows the user to hide his or her identity – but be
aware that this can also result in the call being blocked by the
aforementioned anonymous call rejection.
- Call blocking enables
users to screen or reject calls from specific phone
numbers.
There are other simple
precautions you can take if you are concerned about personal privacy
when using VoIP. The most important one would be not to leave
sensitive information like your credit card details or date of birth
in voicemail messages. These messages will reside on a server
somewhere and would therefore be more vulnerable than a regular
voice call. As we mentioned earlier, encryption hardware and
software is already available from some providers, so ask your
provider about their encryption capabilities.
