Security Basics mailing list archives

Re: VoIP security

From: Pbt <info16 () unsigned ath cx>
Date: Thu, 21 Apr 2005 09:44:50 +0200

It depends... What kind of protocol is used in her case ? 
But sincerely, SRT(C)P is/are not often seen and if it's a SIP phone, it
may use SIP & RTP only... So, using a sniffer, sox, vomit or smth else
would be sufficient to decode packets and get her credit card
information.

        Pierre

Le mercredi 20 avril 2005 à 09:52 -0400, Seth Art a écrit :

My coworker had an interesting question.  She had to validate her
credit card number over the phone using her social and other sensitive
information.  She has a VoIP router from her ISP.  The question: Are
the VoIP packets encrypted as they go across the wire?   Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this
somethign that might be an issue in the future or is there already an
answer out there?

-Seth


-- 
Pbt

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

VoIP security Seth Art (Apr 20)
- Re: VoIP security Champ Clark [Vistech] (Apr 21)
- RE: VoIP security David (Apr 21)
- Re: VoIP security Pbt (Apr 21)
- <Possible follow-ups>
- RE: VoIP security Joshua Berry (Apr 21)
  - Re: VoIP security Mihai Amarandei (Apr 22)
- RE: VoIP security Drumm, Daniel (Apr 22)
  - RE: VoIP security Anil Saini (Apr 25)
  - Re: VoIP security Champ Clark [Vistech] (Apr 25)