This article addresses your questions pretty specifically:
As with traditional telephony, eavesdropping is a concern for
organizations using VOIP-and the consequences can be greater, says
Charlie Rabie, a vice president at Aspect Communications Corp. in San
Jose. Aspect is a provider of software and services for implementing
VOIP, traditional telephony and other communication services.
Because voice travels in packets over the data network, hackers can use
data-sniffing and other hacking tools to identify, modify, store and
play back voice traffic traversing the network, Kemmerer says.
A hacker breaking into a VOIP data stream has access to a lot more calls
than he would with traditional telephone tapping. As a result, "one of
the big differences is that a hacker has a much higher probability of
getting intelligent information" from tapping a VOIP data stream than
from monitoring traditional phone systems, Rabie says.
From:
http://www.computerworld.com/securitytopics/security/story/0,10801,74840
,00.html
-----Original Message-----
From: Seth Art [mailto:sethart@gmail.com]
Sent: Wednesday, April 20, 2005 8:52 PM
To: security-basics@securityfocus.com
Subject: VoIP security
My coworker had an interesting question. She had to validate her
credit card number over the phone using her social and other sensitive
information. She has a VoIP router from her ISP. The question: Are
the VoIP packets encrypted as they go across the wire? Or can
someone sniffing in the right place capture all of that sensitive VoIP
traffic and reassemble her CC# and SS# from the tones? Is this
somethign that might be an issue in the future or is there already an
answer out there?
-Seth
