Did You Just Send Your Sensitive Info In the Clear?
VoIP, or Voice Over IP is quickly usurping traditional phone lines. It’s not hard to understand why. VoIP service allows you to do things previously impossible with traditional phone service. You can use physical phones or an application on your computer. You can setup internal company PBX systems previously only available to those with lots of money. You can even use VoIP to answer your front door.
The insecurities of VoIP are being discussed, but few are listening. We already know that VoIP is insecure in many ways. But I have not heard much discussion about the practical implications of VoIP insecurity. The discussion is still a bit too academic.
Let me give you an example. Most providers that I know of do not support transmission over TLS/SSL. The practical implication of this is that whatever you discuss is being transmitted over the Internet in the clear. It is fundamentally no different than putting the same info in an e-mail.
If you have VoIP service or are considering it, consider whether you would be confortable transcribing what you are about to say and sending it in clear-text e-mail. If your conversation contains SSNs, credit card numbers, passwords or your strange affliction for <insert subject of fantasy here>, you may want to reconsider discussing it in a VoIP call.