Using VoIP as the main source of communication is a cheap and convenient way of placing and receiving audio (or visual) calls or text messages. However, just like anything that connects to the internet, your data traffic can be easily intercepted should you and your VoIP service provider not take the right preventive measures. On your part these should be stringent use of antivirus programs or not opening suspicious websites. However, on your provider’s behalf, this can be a bit more complicated, and not because they cannot protect your calls and messages from being eavesdropped on.
It’s because they have to apply different security protocols.
Security Protocols to the Rescue!
The main reason for using a secure protocol for VoIP calls is because of the standard that almost every device uses to transmit audio and video packages between one another, Real-Time Protocol (RTP). Despite being so widespread, RTP is widely considered to be extremely vulnerable, as anyone with decent computer skills – or even dumb luck – can eavesdrop on communication between any parties. This is why equipping the RTP standard for VoIP with either TLS (Transport Layer Security) or SRTP (Secure Real-Time Transport Protocol) is a no-brainer for anyone that doesn’t want to have their calls and messages listened in on by third parties.
However, there are some major differences. TLS – and its predecessor, SSL (Secure Sockets Layer) – is a protocol capable of encrypting SIP signaling, thus making crucial parameters like phone numbers and user names invisible to snoopers. Additionally, TLS can also prevent the eavesdropping or capturing (and therefore block any tampering) of messages. SRTP, on the other hand, is a profile of RTP that, just like TLS provides encryption, message authentication and integrity, not to mention replay protection. In simpler words, SRTP encrypts audio and video media traffic, making it unintelligible for interceptors should they be able to capture messages despite any precautions you take.
How Safe Are VoIP Calls?
The short answer is they are as safe as online banking or entering your financial data into the cloud for accounting purposes.
The long answer is that providing secure, encrypted data traffic for their end users is a must for VoIP services: since most of these companies are used by SMBs and enterprises, security is of the utmost importance for them. And if just a single peep can be heard by unwanted ears, the company can easily become a victim of business homicide.
“And how do VoIP companies manage to keep phone calls and messages safe?” you may ask. Believe it or not, the answer to that question is pretty simple, and can be realized by decent VoIP companies for very little. RingCentral, for instance, provides this extra layer of security at the perimeter, the service delivery layer and SSL-encoded web applications (by geographically dispersing data centers and maintaining continuous, monitored traffic between users). Monitoring is a key term here as proven by Vonage: when it acquired Vocalocity back in 2013 the company also inherited a built-in real-time fraud detection system, which automatically changes phone credentials and blocks calls when placed from a potentially fraudulent number.