Who’s Listening to Your Phone Calls?
reprinted with permission from the HP Small Business Center

Simple to use and cost effective, VoIP (Voice over IP) solutions have taken the communications world by storm. But with this increase in popularity come serious security issues.

The problem with VoIP calls is the very thing that makes them so popular: they travel over the Internet. Because of this simplicity, VoIP calls can be intercepted at two points: the call setup and the call data flow. Tapping into the call setup provides the intruder with information on who called a particular number, and if they listen, what was said on that call. All that's needed to hack into a call is a packet-sniffing program that can be easily downloaded from the Internet and a tiny piece of hardware that taps into a physical wire undetected.

So just who might be spying on you? Anybody from business competitors, employees, your boss, your spouse, organized crime, the government, and nosy-tech-snoops can all listen to outgoing and incoming VoIP calls.

If your paranoia is now shooting off the charts, here’s the good news: there are lots of ways to secure VoIP calls at both the network and the individual user level.

Security at the network level
First of all, both business and individual users should look for equipment that incorporates Wireless security standards such as Wi-Fi Protected Access (WPA), WPA2 and IEEE 802.11i. Make sure your network devices utilize at least one of these technologies.

Security installed on network routers and gateways can protect VoIP-call confidentiality by encrypting both the call setup and the audio stream itself. Businesses and individuals subscribing to a hosted VoIP service like Skype can take advantage of the encryption that is incorporated into the software.

Businesses using a VPN (virtual private network) can utilize the technology's built-in encryption for gateway-to-gateway VoIP-call protection. This security is automatically supplied to all VoIP users – even traveling employees connecting to the VPN from a laptop. Internal VoIP security can be further enhanced by running the technology on the company network, allowing the infrastructure's usual safeguards to keep calls safe from snooping.

Finally, a well-configured firewall will block hackers trying to enter a company’s VoIP system through a wireless device.

Security at the user level
Various IP-based features allow users to isolate themselves from unwanted callers and to protect their identity.

• Anonymous call rejection allows users to reject incoming calls from people who have blocked their phone number and name, thereby screening out telemarketers and anyone trying to hide their identity.
• Outbound-caller ID blocking allows the user to hide his or her identity – but be aware that this can also result in the call being blocked by the aforementioned anonymous call rejection.
• Call blocking enables users to screen or reject calls from specific phone numbers.

There are other simple precautions you can take if you are concerned about personal privacy when using VoIP. The most important one would be not to leave sensitive information like your credit card details or date of birth in voicemail messages. These messages will reside on a server somewhere and would therefore be more vulnerable than a regular voice call. As we mentioned earlier, encryption hardware and software is already available from some providers, so ask your provider about their encryption capabilities.