 |
 |
    |
Unencrypted RTP vulnerable to capture and reconstruction
OverviewUnencrypted RTP packets in IP-based communication can be captured to reconstruct the media (e.g., voice or video) compromising confidentiality of communication. ImpactEavesdropper can listen to confidential voice conversation or watch confidential video communication. It may not be possible for the communicating parties to become aware of such eavesdropping. Description
For IP-based communication, RTP protocol is used to transport packetized media over IP network. Unlike circuit switched network, these media packets travel over a public network, possibly Internet. Consequently, it is possible for an eavesdropper to capture these RTP packets and reconstruct the media compromising confidentiality of the communication. Availability of several free tools to reconstruct media from captured RTP packets further increases the threat. Solution
RTP packets must be encrypted using SRTP. SRTP key negotiation channel also must be secured from such eavesdropping. With its VoIP VPN functionality, the Sipera IPCS product can be deployed as an Encryption Proxy to prevent this threat and related attacks. For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com |
UC Security Defined
Sipera Systems, the leader in real-time Unified
Communications (UC) security, is the choice of enterprises
and service providers around the world to support their
mission-critical UC deployments.
Sipera offers groundbreaking, production-proven solutions
that secure voice, video, messaging, collaboration, and
other real-time communications in converged IP networks,
boosting compliance with information security requirements.
Backed by the industry-leading research of the VIPER lab,
Sipera's solutions provide comprehensive threat protection,
policy enforcement, access control, and encryption in a
single flexible appliance.