Eavesdropping encrypted compressed voice


A team from Johns Hopkins University has discovered a way to eavesdrop on encrypted voice streams. Voice data like the kind used by Skype for its VoIP service sends encrypted packets of varying sizes for different sounds. The team learned that by simply measureing the size of the packets, they could determine what was being said with a high rate of accuracy. VoIP providers often use a variable bit rate to use bandwidth more efficiently, but it is this compression that makes audio streams vulnerable to eavesdropping.

The team’s software is still in its early stages of development, yet incapable of parsing entire conversations. It is capable, though, of finding pre-determined keywords and inferring common phrases bases on the words it detects. It also has a higher rate of accuracy in identifying long complicated words than short ones. The team’s goal was not to eavesdrop, but to expose the vulnerability; team member [Charles Wright] notes, “we hope we have caught this threat before it becomes too serious.”

[via Schneier on Security]
[photo: altemark]

Comments

  1. miked says:

    i approve of this post

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,710 other followers