Re: VOIP over Wi-Fi subject to eavesdropping?
On Sun, 07 Aug 2005 07:48:48 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> Consider that the WiFi eavesdropper also needs to be within reception
>> range and his task becomes even more difficult.
>
>That's hardly a problem with a decent antenna. People have been
>sniffing round for open AP's for ages, similarly screwing up Bluetooth.
>Maybe VoIP credit card detail hijacking is next. It's not that
>difficult.
Well, it's a bit more difficult than it appears. One of the problems
I previously hinted is that in order to "wireless-tap" a VoIP
conversation, it is necessary to hear both radios that are involved.
Just listening to the access point only gives you half the
conversation. The solution is to either position yourself in an ideal
location, where both the AP and the client radio can be sniffed, or to
use two sniffers. It's especially messy with point to point links,
where there's often not enough RF at ground level to hear both sides
from one location.
If such sniffing is done with a single laptop, the antenna probably
needs to be an omnidirectional affair (to hear both sides). While a
dish or panel might offer more gain to do this at a distance, the omni
will require that the sniffer be located fairly close to the radios.
However, for sniffing in a coffee shop, almost any antenna can be
used.
--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558
Re: VOIP over Wi-Fi subject to eavesdropping?
roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote:
>The USA denies it, but there is fairly solid evidence in Europe
>(UK especially) and Australia, that there is widespread -automatic-
>sorting through domestic and international telephone conversations --
>automatically checking *all* calls through major exchanges
>(not just calls from "suspects".) To the kind of people that set up
>such massive checking, encrypted calls *by definition* are
>"suspicious" and, if practical such calls should be broken and
>analyzed.
I can't speak to what is done outside the US, but it is
virtually a guaranteed thing that International calls are
screened for key word recognition here. If you say the right
thing, a human *will* listen to it.
However, doing that for *all* calls is simply too large a
project to even imagine. Hence I really doubt it is very common
on domestic calls anywhere. (Which is not to say that it
doesn't happen on some selectively small portion.)
(Which brings to mind an interesting conversation I had with a
pilot that used to work here in Barrow between gigs flying 747's
in the Middle East for various outfits including the Kingdom of
Saudi Arabia. He asked me one day if his phone might be tapped!
I laughed at him, and said considering the places he goes and
the company he keeps, it probably was. Then I asked him why he
thought it might be, and was he making any international calls.
He said something like, "Well, my son calls his wife who is
currently in Indonesia. She's from China." I just about rolled
off my chair onto the floor! And I told him to be *damned*
careful how they phrase what they say.... He then told me a few
stories about doing things like flying charters with Yasir
Arafat on board. It causes quite a stir when a request for
landing instructions includes an announcement that security
will be needed...)
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
Re: VOIP over Wi-Fi subject to eavesdropping?
> Well, it's a bit more difficult than it appears. One of the problems
> I previously hinted is that in order to "wireless-tap" a VoIP
> conversation, it is necessary to hear both radios that are involved.
What about if that's Joe at home using a wireless VoIP phone to his home
AP? No other radio (as in phone) involved, just off to some SIP proxy
through his phone service provider.
David.
Re: VOIP over Wi-Fi subject to eavesdropping?
On Sun, 07 Aug 2005 17:10:37 GMT, David Taylor <djtaylor@bigfoot.com>
wrote:
>> Well, it's a bit more difficult than it appears. One of the problems
>> I previously hinted is that in order to "wireless-tap" a VoIP
>> conversation, it is necessary to hear both radios that are involved.
>What about if that's Joe at home using a wireless VoIP phone to his home
>AP? No other radio (as in phone) involved, just off to some SIP proxy
>through his phone service provider.
>David.
Same problem. Let's say the access point can be heard from the
street. But the 802.11 VoIP handset is wandering all over the house.
There's no problem hearing the return side of the conversation coming
from the access point, but picking up the handset will be difficult.
As soon as Joe Sixpack puts a few walls between himself and the
sniffing antenna, the signal will be lost or full of reflections. You
get to sniff only one side of the conversation.
I know a sneaky way around this problem, but I don't wanna disclose
any secrets.
--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558
Re: VOIP over Wi-Fi subject to eavesdropping?
At about the time of 8/6/2005 6:02 AM, Phil Thompson stated the following:
> On Sat, 06 Aug 2005 12:51:32 GMT, Daniel Rudy <nospam@nospam.net>
> wrote:
>
>>The FBI recently had a demonstration where they broke 128bit WEP
>>security inside of 5 minutes.
>
> why were they wasting their time and your money on that. WPA etc were
> invented precisely because WEP is known to be weak.
>
> Phil
This was at a security conference. Plus, not all equipment can support WPA.
--
Daniel Rudy
Email address has been encoded to reduce spam.
Remove all numbers, then remove invalid, email, no, and spam to reply.
Re: VOIP over Wi-Fi subject to eavesdropping?
On Sun, 7 Aug 2005 15:33:41 +0000 (UTC), roberson@ibd.nrc-cnrc.gc.ca
(Walter Roberson) wrote:
>In article <j42bf159dd66j4vvt25u4shsto7lcq55fa@4ax.com>,
>jnitron <jnitron-nospam@hotmail.com> wrote:
>:But, let's consider the qualifier, "all practical purposes".
>
>:What is the risk? If the contents of Fort Knox were housed in an old
>:dusty anonymous warehouse, which nobody knew about, then it would be
>:100% secure. Nobody would know about it so there would be no threat
>:and no risk.
>
>Nope. Kids have a hobby around here: they wander around and
>break into or set fire to old dusty buildings.
>
>"dusty anonymous" warehouses are also subject to "traffic analysis":
>People enter and leave Fort Knox all the time, but people
>mostly leave anonymous warehouses alone.
My point exactly. If the caller is not the subject of attention, then
security is irrelevant. Even the casual listener in a crowded barroom
or sitting with a laptop in the corner of a fast food outlet will be
no threat whatsoever - even if he finds the conversation to be
"interesting".
>
>:If Steve's telephone conversations are similarly "dusty" and
>:"anonymous"... lets say boring, then likewise, they are practically
>:secure because they will be of no interest to anyone, and even if
>:somebody happened to overhear, the conversation would need to be of
>:interest to the eavesdropper to even begin to carry the threat of any
>:potential adverse consequence.
>
>Right. And "Echelon" is merely an organizational unit.
Paranoia is the hallmark of somebody who has something to hide and he
believes others have reason to be concerned about. Fortunately most of
us have nothing to hide. We are more concerned about finding out about
what is hidden than trying to hide that which most people have no
interest in knowing.
Maybe it's time that we turned our obsession with secretiveness into an
obsession with openness. Perhaps disasters like 9/11 could not happen
if we did so?
>The USA denies it, but there is fairly solid evidence in Europe
>(UK especially) and Australia, that there is widespread -automatic-
>sorting through domestic and international telephone conversations --
>automatically checking *all* calls through major exchanges
>(not just calls from "suspects".) To the kind of people that set up
>such massive checking, encrypted calls *by definition* are
>"suspicious" and, if practical such calls should be broken and
>analyzed.
Yes. We agree that even if something can't be cracked in real time it
can be cracked. The interception of wireless messages which happens at
the physical layer and is equivalent to wire tapping CANNOT be
stopped.
What can be stopped is realtime listening to conversations by
employing VOIPsec and other powerful encryption techniques. A SIP
initiated call using IPSEC in a WPA environment works.
Read
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
or maybe you should read about the British achievements at Bletchley
Park 60 years ago, which probably saved America's ass at Midway.
Encoded wireless transmissions are not new and there will probably
never be a way of making them 100% secure.
Remember that the vast majority of email sent across public networks,
even outwith VPN's, is not encrypted. Our reliance on the spoken
word is far less. (For example, President Reagan who said in a
wireless broadcast ....... "My fellow Americans, I'm pleased to tell
you today that I've signed legislation that will outlaw Russia
forever. We begin bombing in five minutes.")
Remember that the question we are trying to answer was concerned with
"practical" security, not the level of security that might be needed
to prevent the interception of thought processes as if in a "Matrix"
dreamworld.
Get real everybody !
Re: VOIP over Wi-Fi subject to eavesdropping?
In article <gs1df1pkvu6g3hq55tl0lqsm2f1eolrbm2@4ax.com>,
jnitron <jnitron-nospam@hotmail.com> wrote:
:Paranoia is the hallmark of somebody who has something to hide and he
:believes others have reason to be concerned about. Fortunately most of
:us have nothing to hide. We are more concerned about finding out about
:what is hidden than trying to hide that which most people have no
:interest in knowing.
Sigh, the old "Only people with something to hide mind widespread
surveillance" canard.
Do I have "something to hide" ? Yes and No: I publish my political
opinions under another one of my identities so that my employers
are free to ignore them. Does "Freedom of Opinion" exist? In theory,
yes, but so too exists the freedom of people with power to decide
to take a dislike to organizations which employ people who say
things that someone doesn't want to hear.
:Maybe it's time that we turned our obsession with secretiveness into an
:obsession with openness. Perhaps disasters like 9/11 could not happen
:if we did so?
Do Death Squads stop existing when it is discovered who does the
killing? No. Secrecy is only -one- of the themes in the songs of
power.
A certain well-known country, a target of international terrorism,
objected strenuously to the formation of the International Court of
Justice, and the country's price for dropping the resistance was
blanket immunity for its citizens before the court. Is that country
conveying that it has something to hide that is of greater value to it
than the protection gained by exposing terrorists in open courts?
--
The rule of thumb for speed is:
1. If it doesn't work then speed doesn't matter. -- Christian Bau
Re: VOIP over Wi-Fi subject to eavesdropping?
>Paranoia is the hallmark of somebody who has something to hide and he
>believes others have reason to be concerned about.
Every time someone lays that tripe out; I ask them a simple question:
Do you ****/have sex/etc in public?
If you have nothing to hide...why not?
They usually start babbling about then...
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
Re: VOIP over Wi-Fi subject to eavesdropping?
On Mon, 8 Aug 2005 03:13:08 +0000 (UTC), David Lesher
<wb8foz@panix.com> wrote:
>
>>Paranoia is the hallmark of somebody who has something to hide and he
>>believes others have reason to be concerned about.
>
>Every time someone lays that tripe out; I ask them a simple question:
>
> Do you ****/have sex/etc in public?
> If you have nothing to hide...why not?
>
>They usually start babbling about then...
There are some serious loopholes in your "simple" rhetorical question.
The first is that we are considering information here. There is a
difference between telling the public that you have sex or that you
defaecate, and actually demonstrating that functionality in a public
place.
Second, paranoia is being used to describe somebody who (ignoring the
psychiatric definitions) in this instance is obsessed with hiding
information because he believes the information is more important than
it actually is. It seems that you are trying to describe somebody who
has nothing to hide, should be an exhibitionist, and is clearly
exactly the opposite.
Reactions to having feelings of "something to hide" and "having
nothing to hide" can certainly cause extreme behaviour. Walking
around with an M16 and "taking everybody out" who glances at you,
while you use your VOIP mobile might be a little more extreme than
deciding to have sex or defaecate in public - but both are at the ends
of the same spectrum (and both, fortunately, are frowned upon by the
law). If you can't tell why not?, then perhaps you should seek some
professional help.
Lastly, if you want to discuss sex and defaecation in a VOIP
conversation then that is up to you. I'm certain that you will not
need any encryption whatsoever to discourage others from listening to
you, but if they did, I don't suppose it would matter a sh*t etc.
I think you mentioned tripe somewhere....
Re: VOIP over Wi-Fi subject to eavesdropping?
In article <fr4gf1t8e0hgoas17d8cpoiijj1ebnm1v9@4ax.com>,
jnitron <jnitron-nospam@hotmail.com> wrote:
:>>Paranoia is the hallmark of somebody who has something to hide and he
:>>believes others have reason to be concerned about.
:Second, paranoia is being used to describe somebody who (ignoring the
:psychiatric definitions) in this instance is obsessed with hiding
:information because he believes the information is more important than
:it actually is.
Circular reasoning. When you were challenged on your statement
by people who were understanding it in terms of the usual definition
of "paranoia", you redefined "paranoia" to describe the
symptoms which earlier you said were a "hallmark" of some people.
It's like saying, "Ferdnitz is the hallmark of people who frobitz",
and then "Ferdnitz is being used to describe people who obsessively
frobitz". How can you possibly be wrong, when you've redefined
the terms so that you are right by definition?
--
"I will speculate that [...] applications [...] could actually see a
performance boost for most users by going dual-core [...] because it
is running the adware and spyware that [...] are otherwise slowing
down the single CPU that user has today" -- Herb Sutter
Re: VOIP over Wi-Fi subject to eavesdropping?
On Tue, 09 Aug 2005 03:19:49 +0100, jnitron
<jnitron-nospam@hotmail.com> wrote:
>Big brother is not yet completely concerned (I believe) about
>the trivial lives of the majority of its citizens, and what they
>discuss in their VOIP conversations.
You have inside knowledge of what Big Brother is interested in
collecting? Do you work for Big Brother?
>Skeletons in your
>cupboard?...sure, then don't discuss them on the phone.
Somehow, I thought that I had an expectation of privacy when talking
on the phone. I guess not. I'll appoint you official censor to
decide what I can safely discuss over the telephone.
>>Oh? Could I trouble you for your bank ID, social security numbers,
>>birthdate, mother's maiden name, credit card numbers, collection of
>>passwords, and name of your mistress? Surely you don't think these
>>should be kept hidden.
>
>So why would you discuss them in a VOIP call ?
OK, let's take them one at a time:
Bank ID: When someone rips off my credit card number and the bank
phones me to verify the purchase.
SSI number: Used to verify my identity when talking to my bank.
Birthdate: Used to verify various accounts (bank, cheque, credit).
Mother's maiden name: Also used to verify identity.
Password collection: Walking my customers through an email or account
setup.
Name of Mistress: Never mind.
Are these sufficient reasons to mention these over the phone?
>JN25 was reportedly broken before Pearl Harbor by the British at
>Singapore where John Tiltman worked. Tiltman, who was born in London
>on May 24, 1894, later worked at Bletchley Park. The Americans did
>"break" JN25 but not until many months later.
>http://www.fpp.co.uk/online/00/09/Codebreaking1.html
Thanks. I didn't know that the British had preceded the Americans in
cracking JN-25. The book I previously noted did not include any
mention of British contributions to cracking JN-25.
>There is only one way to keep secrets
>and that is not to tell them, as demonstrated by the documented
>Japanese radio silence prior to Pearl Harbour.
That's not very practical for running a world wide military operation.
It might be possible to maintain radio or telephone silence for a
short period of time, for a single operation (Battle of the Bulge),
but to maintain any coordination with distant operations requires
radio and telephone communications. Similarly, if I want to do business
these days, I have to use unencrypted email and unsecured telephones.
Using sealed letters might be an alternative, but would be very slow.
>>Did you ever wonder why it's not encrypted? You could easily have
>>encrypted email and authenticated servers without much difficulty.
>>There are RFC's describing the techniques in detail. The problem is
>>that you lose anonymity in the process. It's impossible to encrypt
>>and authenticate without pointing a finger directly at the source of any
>>traffic. There are a large contingent of users that consider
>>anonymity equivalent to privacy and don't want to lose that for fear
>>of government or corporate reprisals. I consider this to be a real
>>fear and the major stumbling block preventing universal encryption.
>I don't agree... it's not encrypted because it mostly does not need to
>be encrypted.
Who are you to judge what does and does not require encryption? If a
link is deemed to be secure, then EVERYTHING going across that link
should be encrypted. Most of the traffic probably doesn't need to be
encrypted, but once the capabilities are present, encryption becomes
part of the definition of security and is therefore required for all
communications along that link.
>Pre Shared Keys for example, make it possible to have a
>message encrypted without the recipient (or anybody else) knowing
>where the message originated.
True. PGP also has an anonymous encryption feature. However, the
limitations of pre-shared keys are well known. The RFC's I mentioned
include authentication methods that are traceable back to the
originator. This is generally required to prevent spoofing. We could
create an encryption system without authentication, but if you also
want to prevent spoofing, identity theft, spam, and counterfeit
servers, authentication is required.
>... why bother to encrypt VOIP when
>the only real identifier and prevention of anonymity is possibly voice
>recognition (or sitting next to the people having the VOIP
>conversation).
I'm a fan of X.509 certificates and authentication. I want to know
that the other end of the conversation is my intended recipient, and
not a simulation generated by a computah. When I used to work at a
radio station, I did a fair job of impersonating various personalities
by engaging in a conversation using recorded sound clips.
>Again, it is clear that your conversation would have not needed to be
>secured apart from the fact that you decided to inappropriately
>disclose a secret.
Again, who are you to decide which of my conversations need securing
and which may be safely sent in the clear? Wouldn't it be better and
safer to encrypt everything rather than risk inadvertently blabbering
something inappropriate or confidential?
>Tell me...if your conversation had been encrypted
>would you still have felt the need to change the password?
Oh yes. I needed to remind the customer of the root password over the
phone because we needed to get the server up and running as quickly as
possible. Delays meant lost dollars. However, I made it a point of
changing the major passwords on such systems about every 3 months. It
was overdue and thought this would be a good time. Had I changed it
previously during the regularly scheduled cycle, I would probably
*NOT* have changed it on arrival, and ended up getting hacked. I
guess I had good karma or something.
Had I known and trusted the encryption, I probably would have felt a
bit better about disclosing the password. However, knowing that most
cellular systems with encryption (i.e. CDMA) also have automated
wiretap facilities at the switch, methinks I would tend to treat the
circuit as unprotected.
>If you
>would - what would the point have been in the encryption?
I don't. The only encryption I trust is end to end. Cellular
encryption is NOT end to end.
>If you
>wouldn't - would you have relied on the encryption to keep your
>secret, or, would it have been better not to have told the password in
>the first place?
You mean like relying on WEP128 wireless encryption when it's known to
be crackable by commonly available tools? That's a judgment call
based on the technology used. I'm familiar with CDMA encryption
(CAVE) and know some tricky ways it can be theoretically cracked.
It's also not encrypted between the cellular switch and the PSTN. I
don't have a simple answer for all types of voice/data links and
encryption methods. My general rule is lousy encryption is better
than none because it eliminates a large number of lazy and marginal
hackers from the playing field.
>Or was it just luck that the timing of the password
>change coincided with your disclosure.
Pure luck that I changed it on arrival. Sorry, it's not a perfect
example of the dangers of unencrypted voice traffic, but it's close
enough.
>How many times do we return to find that we'd forgotten to lock the
>car (but nothing thankfully is missing). Would the car have been more
>secure if we'd locked it? If yes, then only because of the probability
>of an intrusion and not because of something evidenced by facts.
We can play this one by the odds if you want. Chances are very small
that an individual VoIP conversation will get hacked. The chances are
sufficiently small that risking an un-encrypted conversation might be
an acceptable risk. However, it's not the odds, but the risks. Is the
risk of hacking worth the cost and overhead of encryption? Again, it
depends on the traffic and hardware.
>So... why did you reveal the root password?
To expedite a crash recovery while I drove like a maniac to the
customer's server farm.
>Crime-think is not built
>into VOIP phones and probably shouldn't need to be. The Eskimo story
>earlier in this thread sums it up. While we should (and do)
>acknowledge human imperfections, the answer is not in phone
>technology, but in how we use it.
A very poor answer methinks. By limiting my ability to exchange
secrets and confidential information via a medium that could be
private and secure, you'll limit the usability of that medium.
Whether this is a fair tradeoff depends on the costs of encryption and
the effects on usability.
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# http://802.11junk.com
# jeffl@comix.santa-cruz.ca.us
# jeffl@cruzio.com AE6KS
Re: VOIP over Wi-Fi subject to eavesdropping?
CyberDroog <CyberDroog@ClockworkOrange.com> wrote:
> On Thu, 04 Aug 2005 02:23:01 -0800, floyd@apaflo.com (Floyd L. Davidson)
> wrote:
>
> >Do not ever say anything on a telephone that you cannot live
> >with seeing on the front page of tomorrow's local newspaper.
>
> This thread reminds me of the novel The Light of Other Days (Arthur C.
> Clarke and Stephen Baxter.)
http://technovelgy.com/ct/content.asp?Bnum=692
<http://www.scifi.com/scifiction/classics/classics_archive/shaw/shaw1.html>
--
Peter