Sponsored Links

Encrypted residential Voip service provider

That's fairy trivial. It's been possible for decades easily with Cain & Abel though I am sure more modern and easier to use programs now exist.
Run Cain & Abel, arp spoof/poison between the router and the victim [in this case the ATA?]. All traffic then gets relayed via the attack machine (which in this case appears to a suggestion it is the victims own computer), at that point wireshark gets it all.

Though it wouldn't be possible if the router was being an ATA and the traffic was exiting directly on the WAN side of the router. This assumes the victim is using a desk SIP phone, softphone or ATA on the LAN.
 
If you're at the point where a machine has been totally compromised then an attacker is more likely to copy out all the session cookies or deploy persistent remote access software than mess around with the phone call stuff.

Unencrypted VoIP would be quite far down my list of attack vectors when considering a home user, though it probably is necessary to reconsider the blanket "port to A&A and use your own ATA" recommendation that usually pops up amongst the more tech savvy forum users - not only is the setup more complicated, there are credentials that could be stolen and used for toll fraud, and providers that are building the phone socket into their routers have the option to use SRTP or avoid SIP entirely if they wanted to. I've even seen suggestions to buy Cisco SPA ATAs from eBay since they're cheap, even though they have RCE vulnerabilities with a CVSS of 9.8 that Cisco have listed as "wontfix".

I run an ATA for myself on a separate VLAN, but my recommendation to family would be to buy phone service from your broadband provider.
 
I support many, many people with A&A and other providers (yay dial9, sipgate) with ATAs or Gigaset/Yealinks of varying types.. Never had a problem in a decade or more.

I'm actively moving people away from things like BT Digital Voice due to their inability to allow dial of local numbers without the area code and the inability to use another router whilst using their DV service. (Or if you wanted to keep using their router, the inability to enable ping on the WAN and the unreliability of port forwarding.)
 
Never had a problem in a decade or more.
Never had a problem in well over a decade 😂

Use a strong password, change it regularly, avoid devices that are well out of security support and don’t stick things out in the open internet / DMZ rubbish.

Basic internet security hygiene.
 
My thoughts about the most ridiculous thought processes people have on why you dont need security/encryption.

THOUGHT: Why do you need encryption? I've never had a problem.
MY VIEW: Why do you lock your door? Why wait till you have a problem.

THOUGHT: Why encrypt your side, the other side of the phone call is very likely not encrypted:
MY VIEW: If people started choosing encrypted VOIP providers, the more likely it is that the other end of the call will also be encrypted. 50% of the path is protected if you encrypt your end. There are only a relatively small number of VOIP providers in the UK (relative to users). The more providers support encryption, very quickly the more likely your conversation is encrypted.

THOUGHT: What are you trying to protect from?
MY VIEW: Why do specifics matter. Encryption is good standard practice. You dont leave your PCs without Anti Malware and wait until you identify specific intrusions. You just do it as good practice.

THOUGHT: Run an seperate Vlan for the phone system.
MY VIEW: Its still not encrypted.

MY VIEW: The government can listen, the ISP can listen in. You may have sensitive intelectual property you are discussing with a client:
MY VIEW: You may be sharing other sensitive details over the phone such as bank account details or credit card details.
MY VIEW: If you are a famous actor for example, you could be listened in by a newspaper or other media companies and we all know how they are sooooo responsible.
MY VIEW: The default position should be encryption. People should be asking - Why there is no encryption support from the vast majority of VOIP providers? Modern processing power doesnt make it difficult.
 
  • Like
Reactions: bon
sipgate is encrypted / offers encryption via sRTP
Just checked, they may have dropped it...
From theor website:

Is SRTP/TLS Voice Encryption Possible with sipgate trunking?​

No, we do not offer any SRTP/TLS Voice Encryption with our sipgate trunking product.
With sipgate trunking calls are transmitted without any encryption. A possible alternative would be to use encryption options provided via a VPN.
 
Sponsored Links
Just checked, they may have dropped it...
From theor website:

Is SRTP/TLS Voice Encryption Possible with sipgate trunking?​

No, we do not offer any SRTP/TLS Voice Encryption with our sipgate trunking product.
With sipgate trunking calls are transmitted without any encryption. A possible alternative would be to use encryption options provided via a VPN.
Trunking is a different product though
 
If you are concerned that people may be able to hear your conversations or hack into your call remotely by listening in to them it is certainly possible that with the right equipment, a lot of knowledge and a good incentive, that someone may be able to do so; just as it is with both mobile and ordinary landline telephony.

However, there are a few things to consider. Firstly, you need to ask yourself why anyone would be remotely interested in your conversations? Secondly, if you didn't worry about it before, when it was possible for someone to simply put two clips across your telephone wire to listen in, why are you concerned now when it requires a lot more technical ability?

You also need to separate in your mind the difference between a phone call and other pieces of computer information sent down your telephone line. A phone call happens in real time, its start point is unknown before it happens and is gone forever when it's over.

Other data, such as emails, are stored in ordered format and can be searched for historically and worked on over time. So phone calls start and finish more securely than most other communication methodologies and don't leave a stored record of their content.

If you're making telephone calls that need to be totally secure from eavesdropping you should use no publicly available telephone service.

However, unlike ordinary telephony, VoIP can be encrypted to make it secure but unfortunately there are some very misleading statements being made about secure or encrypted VoIP. To be any use at all, encryption needs to be end-to-end in order to fully protect the conversation.

But currently the only way that this is possible is on a VoIP to VoIP call over the same vendor network using hardware, which supports it and a network, which allows it. This is a rare kind of phone call. The overwhelming majority of calls going to and from companies originate or terminate on the public telephone network. The PSTN is not encrypted, so any calls placed to or from it are unencrypted - there is absolutely nothing any telephone service provider can do about this.

Furthermore, calls from one VoIP network to another VoIP network are also not encrypted which leaves the only use for encryption to be for in-company calling. Sadly, an attacker with access to the phone's local network will be capable of disabling encryption but if the local network is secured, there's little to no benefit to encryption.
 
Agree with everything @WelshPaul says.

Makes me recall similar conversations about PCI compliance regarding over the phone credit card acceptance and the risk those calls might be intercepted. The PCI (payment card industry) rules were "happy" that an analogue phone call was secure enough, but as soon as a company taking telephone based credit card payments had VoIP in the mix then the entire phone system and network came into pretty onerous PCI scope with a lot of additional security requirements to the extent whereby it was nigh impossible for a normal enterprise to really fully comply despite spending significant money. It really was a sledgehammer of security to crack of nut of very small risk (but admittedly high impact if it happened). Whataboutery at its finest.

I tried to influence the PCI council and I think I and many others have managed to get the onerous requirements watered down. Thankfully other technology solutions exist these days for payments over the phone, and I don't need to get so personally involved in PCI drama.
 
Last edited:
Redphone is a cool encrypted phone call app.

The only issue is the other person you're talking to needs to have it installed too :LOL:
I can see why some people might want to have secure calls. But I can also see why it's almost entirely pointless for the majority of people / normal VoIP users. Still, this doesn't make encryption "bad" per se, and I think it's good for providers to offer encryption. It just isn't that useful at the moment (due to not being end-to-end encrypted).

While we're at it, websites you don't log into .. why do we encrypt them :ROFLMAO:
 
Sponsored Links
However, there are a few things to consider. Firstly, you need to ask yourself why anyone would be remotely interested in your conversations?
This sounds a bit close to "if you don't have anything to hide..." argument which I hate.

While we're at it, websites you don't log into .. why do we encrypt them :ROFLMAO:
To maintain data integrity. Non-HTTPS web sites are easy to mess with by ISPs or other parties along the way. This has been done a lot in fact, by ISPs in various countries to inject ads or trackers.
Imagine your ISP rewriting wikipedia non-https pages, random example.
 
While we're at it, websites you don't log into .. why do we encrypt them :ROFLMAO:
I'd stray from Lician's idea.. and say that it all happened after the snowden revelations made it clear nation states were routinely slurping up all the traffic they can.

If you think that isn't already happening with PSTN and VoIP.. you are probably wrong.
 
I'd stray from Lician's idea.. and say that it all happened after the snowden revelations made it clear nation states were routinely slurping up all the traffic they can.

If you think that isn't already happening with PSTN and VoIP.. you are probably wrong.
Now it would probably be sold to the likes of chatgpt/openai/google to train their models on.:eek::ROFLMAO:
 
I'm just thinking about all the 85 olds that will be forced to voip and that spearpishing is much more likely to be targeted at the persons home. Spook them into phoning the bank after you have comprised the computer, then headless wireshark.
Don't get me started on the one hour of backup time disadvantaged people could expect in a blackout with voip even with a UPS.

Depending on the ISP, this is not a problem. BT's Digital Voice is encrypted, both signalling and media (as anyone who's tried to packet capture it will see). It is more secure than POTS!

I can't think of a realistic situation where a scam caller will be running wireshark in such a way as to pick up the VoIP traffic from a separate IP phone though.

The power cut issue is overblown when 99.999999% of those who still use a landline insist on putting a cordless phone on the end of it (with 0 minutes battery backup). It's only now that changes are occuring that people suddenly consider it the greatest injustice to ever befall this country.
 
but as soon as a company taking telephone based credit card payments had VoIP in the mix then the entire phone system and network came into pretty onerous PCI scope with a lot of additional security requirements to the extent whereby it was nigh impossible for a normal enterprise to really fully comply despite spending significant money.
Don't they do this with IP enabled card terminals too? i.h senior runs a small business, single card terminal, no integration with tills or invoicing systems or anything like that. As soon as he moved from modem to IP he had to start agreeing to port scans and justifying any open ports and all of that stuff.

If someone breaks into the terminal and does nasty things, that says a lot more for the terminal's manufacturer and the payment processor than it does the customer!
 
Sponsored Links
Don't they do this with IP enabled card terminals too? i.h senior runs a small business, single card terminal, no integration with tills or invoicing systems or anything like that. As soon as he moved from modem to IP he had to start agreeing to port scans and justifying any open ports and all of that stuff.

If someone breaks into the terminal and does nasty things, that says a lot more for the terminal's manufacturer and the payment processor than it does the customer!
Correct, the earlier batch of internet connected payment terminals did bring your IP network into scope (wired or WiFi). The easy way round that was using payment terminals with a SIM card... the carriers data network was considered secure enough.

Thankfully all this nonsense was terminated a couple of years later with the agreement that point to point encryption and later still end to end encryption certified devices would not bring the IP network into PCI scope. With an upgraded terminal you would usually have no IP network scope to worry about.

From my point of view the PDQ hardware terminals were always fairly benign, they always had a hardware encryption module and were encrypting data. The real risk came from card processing that was built into or integrated into a software based "till" and where the PCI scope data was not kept completely separated from the till. Things have improved in this area as well.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6026)
  2. BT (3639)
  3. Politics (2721)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2146)
  8. FTTC (2083)
  9. Statistics (1901)
  10. 4G (1816)
  11. Virgin Media (1764)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1407)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules