Quote:
Originally Posted by sleek
In essence, this means, everyone, from our neighbor, our ISP and all the way to the SIP server, people can eavesdrop on our conversations with ease.
|
Not sure how your neighbor is eavesdropping unless you have an unsecure wireless connect. Theoretically an ISP could eavesdrop on the RTP stream. However, it would seem highly unlikely.
Quote:
It also means people with weak passwords are subject to account hijacking, because the md5 hash also travels without any encryption.
|
If you read up on the SIP protocol you will see that SIP authentication uses a nonce to encrypt the password.
Even if a man in the middle attacker was to capture the auth token they would not be able to simply replay it as the SIP server would require a new encrypted auth token matching a newly issued nonce.