Sponsored Links

Encrypted residential Voip service provider

ghostwind

Casual Member
Hi anyone know of a encrypted residential Voip service provider offering sRTP or zRTP?
Cheap seems to be the only selling highlight on most web sites.
Is anyone else concerned that standard Voip packets allow conversations to be recorded on the internet?
I've looked for 7 months now and no luck, residential customers ( potential ) are shunned if asking for encrypted Voip. I thought of hosting my own Asterisk server but the trunking would be a problem as would the number porting. I have to get this done before the PSTN is switched off in 2025.

Thanks in advance
Colin
 
Many thanks dabigm, I'm checking them out now. I think the plan is a minimum of two users which would mean about £30 inc vat a month. I am a residential user but it could be a price worth paying as they support sRTP.
 
Sponsored Links
 
What's your threat model that SRTP solves?
I just want to protect against local LAN traffic not being encrypted, I'm not too bothered about end to end encryption I just want my LAN to the voip service provider to be encrypted. It seems a bit bizarre to me because end 2 end is hard and expensive no one thinks the bit between the local LAN an the sip provider is not worth encrypting. If a compromised device in on your LAN, then the packets can be decoded and listened to. Unfortunately sRTP and cert are not well tested in most devices an most connections end up not being encrypted. I pity lots of the soon to be Voip consumers out there that will still use a Voip line for 2 factor authentication and banking.
 
Sponsored Links
Is there significant VOIP interception risk on an internal LAN ?

A typical office Cisco PoE VOIP phone is connected directly to say a 48 PoE Switch, the traffic from the VOIP phone is present only on 2 ports. The port of VOIP phone and the port of the Network Uplink.

On the 46 remaining PoE Switch Ports there is no trace of the VOIP Phone's traffic exchange with the VOIP provider. A Network Switch prevents eavesdropping.
 
MFA codes shouldn't really be done by placing phone calls or sending text messages, but in any case I'd like to see a proof of concept of sniffing VoIP packets from malware residing within the LAN when the majority of consumer VoIP services are going to be terminated on the ISP-supplied router and might not even be SIP.
 
In the case of Virgin Media the ATA in the Hub has a additional 128/128Kb/s provision for the telephone service. The telephone traffic is not on the home users LAN.
 
Sponsored Links
Is there significant VOIP interception risk on an internal LAN ?

A typical office Cisco PoE VOIP phone is connected directly to say a 48 PoE Switch, the traffic from the VOIP phone is present only on 2 ports. The port of VOIP phone and the port of the Network Uplink.

On the 46 remaining PoE Switch Ports there is no trace of the VOIP Phone's traffic exchange with the VOIP provider. A Network Switch prevents eavesdropping.
In the home an not the office then yes.
I'm also concerned about visibility of the packets over the internet to the other caller, not sure we should make it easy for potential eavesdroppers.
 
I'm also concerned about visibility of the packets over the internet to the other caller, not sure we should make it easy for potential eavesdroppers.
You've got no control over that though. Even if you encrypt your side to your chosen VoIP provider.. it will then go to another provider and back into plain between that provider and the other caller!

I am also a bit astonished by the lack of providers and devices supporting or leaning towards default encryption on SIP! However right now, making it easy to adopt and setup seems to be winning over security.
Maybe another Snowden style leak in the future showing how governments are wholesale logging and analysing SIP audio might wake people up ? - I've no basis to think this is what is happening or is true, but it would be trivial for them to do if they wanted or needed.
 
You've got no control over that though. Even if you encrypt your side to your chosen VoIP provider.. it will then go to another provider and back into plain between that provider and the other caller!

I am also a bit astonished by the lack of providers and devices supporting or leaning towards default encryption on SIP! However right now, making it easy to adopt and setup seems to be winning over security.
Maybe another Snowden style leak in the future showing how governments are wholesale logging and analysing SIP audio might wake people up ? - I've no basis to think this is what is happening or is true, but it would be trivial for them to do if they wanted or needed.
It is worrying indeed. But what we have to remember is that your old POTS phone calls were not encrypted either. Hence "wiretaps". You are totally right that even if your VoIP provider used encryption, there's no guarantee that the VoIP provider's upstream does too, and AFAIC no way to find out if it's e2e encrypted unlike with app-based voice calls which can tell you it's e2e encrypted in the call information. But even if you had an encrypted VoIP call, if it were to a regular POTS phone both ends of the conversation would travel "unencrypted" over the POTS network.

The only difference is now that kids with the knowledge from a 15 minute youtube video can intercept it using nothing but a computer, or some unfriendly/nosey sysadmin could.

This is why I prefer to make calls with something like whatsapp, but that's not always an option. I'm sure the spooks love the fact that VoIP isn't encrypted though. They don't seem to enjoy encryption at all really.
 
It is worrying indeed. But what we have to remember is that your old POTS phone calls were not encrypted either. Hence "wiretaps". You are totally right that even if your VoIP provider used encryption, there's no guarantee that the VoIP provider's upstream does too, and AFAIC no way to find out if it's e2e encrypted unlike with app-based voice calls which can tell you it's e2e encrypted in the call information. But even if you had an encrypted VoIP call, if it were to a regular POTS phone both ends of the conversation would travel "unencrypted" over the POTS network.

The only difference is now that kids with the knowledge from a 15 minute youtube video can intercept it using nothing but a computer, or some unfriendly/nosey sysadmin could.

This is why I prefer to make calls with something like whatsapp, but that's not always an option. I'm sure the spooks love the fact that VoIP isn't encrypted though. They don't seem to enjoy encryption at all really.
I'm just thinking about all the 85 olds that will be forced to voip and that spearpishing is much more likely to be targeted at the persons home. Spook them into phoning the bank after you have comprised the computer, then headless wireshark.
Don't get me started on the one hour of backup time disadvantaged people could expect in a blackout with voip even with a UPS. I understand that POTs could be tapped by governments ( hey it was my fathers job) but it was a bit harder for criminals. I'm not a tinfoil hat person, just very annoyed that no one cares about protecting residential voip users. As some others have stated VLAN the traffic away from the rest of the LAN is a good first step but i suspect a lot of Voip converters will not silo the traffic. If my understanding is correct then with sRTP the caller and receiver have a encrypted session once the call is set-up (if both ends have good CA's and the firmware is implemented and set-up correctly). If the default symbol on the phone was an open padlock and only a closed one would be displayed on an encrypted call I would be good with that. When all the POTs is gone what excuse is there for not having encrypted voip ( I'm not doing Google, apple or facebook or signal )?
 
As already highlighted the leading ISPs are providing VoIP on their router, centrally provisioned to protect credentials and they will invariably route traffic to their VoIP infrastructure over their own network not via the internet.

A lot of work has gone into Voice Over Broadband (now referred to as Digital Voice) and the same principles have been applied as they would their business customers and hosted VoIP offerings.

In addition BT and other providers offer BT Protect and other call control equivalents which are probably more important.

See https://business.bt.com/why-choose-bt/insights/ip-technology/voip-security/ for the general jist.

Security for business should be explicitly stated by the provider (and used), if it is not then beware. For the general consumer (especially vulnerable) I would recommend VoBB not third party VoIP.

The weakest link in my opinion is who has or could gain access to the login credentials. VoIP without care isn't location fixed, the VoBB proposed for consumer is. A tick in my view for security and confidence of the emergency services.

Both BT and Virgin are offering the Motorola FW500 hybrid phone currently for resilience and I'm expecting more similar devices going forward.

There were/are many ways to intercept calls on PSTN or VoIP, even Whatsapp has had security breaches via its calls (2019). Easiest way is to intercept mic and speaker on the device. As always its about the risk and the sensitivity of the call.
 
Last edited:
Sponsored Links
If my understanding is correct then with sRTP the caller and receiver have a encrypted session once the call is set-up (if both ends have good CA's and the firmware is implemented and set-up correctly).
Would like to know if this is right, because as far as I know, your sRTP connection is between you and your VoIP provider. I am extremely far from an expert on VoIP though.
 
It's definitely between just two points in the leg. The SIP server will be decrypting and sending it on (if not configured to encrypt on the next leg) in the clear to their upstream. I run an SRTP Asterisk and then connect to AAISP (who don't have SRTP support). Asterisk downgrades by default without me having to explicitly configure it to do so.
If I call another extension on my Asterisk it also default downgrades unless the other extension has ticked their phone settings to do SRTP.
 
Thank you all for your comments and information. I feel much more informed to source my Voip service now. Though it is tempting to convert my phone over to my existing ISP ( which will silo a unencrypted connection from the telephone converter box from the rest of the LAN) I have decided to go for one of the few voip providers that support sRTP and I will VLAN any voip phones I have on the system so the LAN traffic can not be seen.
 
I'm just thinking about all the 85 olds that will be forced to voip and that spearpishing is much more likely to be targeted at the persons home. Spook them into phoning the bank after you have comprised the computer, then headless wireshark.

How are you getting the Wireshark trace in this scenario?
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6026)
  2. BT (3639)
  3. Politics (2721)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2146)
  8. FTTC (2083)
  9. Statistics (1901)
  10. 4G (1816)
  11. Virgin Media (1764)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1407)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules