Voxalot / SIP Broker Support Forums - View Single Post

sleek · 10-25-2009, 11:52 AM

I'd like to touch on a very sensitive subject, security.

Or lack thereof. I believe the majority of end-customers are unaware of the fact their conversations are COMPLETELY unsecured!

I was rearranging my network topology at home and decided to execute some security tests. The results are worrisome. Utilizing the Man In The Middle attack I was able to record every and each of my conversations, including the md5 hashed password, for authentication with the SIP server.

In essence, this means, everyone, from our neighbor, our ISP and all the way to the SIP server, people can eavesdrop on our conversations with ease. It also means people with weak passwords are subject to account hijacking, because the md5 hash also travels without any encryption.

The thought of our conversations being eavesdropped virtually by anyone from our computers to the Voxalot SIP servers is quite unsettling.

This is only a brief overview of a huge problem. I don't want to get into details.

Can Voxalot offer some sort of remedy?

10-25-2009, 11:52 AM	#1
sleek Member Join Date: Dec 2008 Posts: 54 Thanks: 2 Thanked 5 Times in 5 Posts	What about security? I'd like to touch on a very sensitive subject, security. Or lack thereof. I believe the majority of end-customers are unaware of the fact their conversations are COMPLETELY unsecured! I was rearranging my network topology at home and decided to execute some security tests. The results are worrisome. Utilizing the Man In The Middle attack I was able to record every and each of my conversations, including the md5 hashed password, for authentication with the SIP server. In essence, this means, everyone, from our neighbor, our ISP and all the way to the SIP server, people can eavesdrop on our conversations with ease. It also means people with weak passwords are subject to account hijacking, because the md5 hash also travels without any encryption. The thought of our conversations being eavesdropped virtually by anyone from our computers to the Voxalot SIP servers is quite unsettling. This is only a brief overview of a huge problem. I don't want to get into details. Can Voxalot offer some sort of remedy?