Is there any Security with Voice Mail?

By Melanie FederECE478 Dr. KocMay 31, 2002

Voice Mail Intruders? Just ask...• Carly Fiorina of Hewlett Packard

– what she said led to a law suit and trial

• Reliable Consulting Firm– lost customers due to messages

intercepted

• Successful hacker– created infinite loops through voice

mail systems

Security and Privacy

• Privacy doesn’t exist- messages are archived even when deleted

• Most systems are not secure (Not confidential)

• Be Careful!

Password Vulnerabilities• Major Problem: Easy to Break

Passwords– usually 4-6 numbers in length out of 10

possible– passwords chosen usually easy to

remember– factory passwords not changed

PBX Vulnerabilities Examples• Can tap into maintenance ports• Remote access by nature• Usually helped maintained by

contractors• Software upgrades can lead to

vulnerabilities

Laws Surrounding Security

• Uncharted territory• Conflicting Laws

– 1968 Wiretap Act– 1986 Electronic communications

Privacy Act

• 33 states have their own laws, but can’t keep up with technology

Measures to Curb Break-Ins• Lock up the PBX Center at all

Times• Educate employees about

passwords• Disconnect unused outlets, LAN

connections, etc.• Monitoring (spying?)• Encryption...

Cryptography for Voice Mail?• Not widely used yet…• Public/ private key encryption

– PKI and CA for public keys– PGP– S/MIME– Digital voice encryptor/decryptor

Disadvantages

• Delays in throughput• Voice clarity if use encryption

results in reduced bandwidth• Expense

Conclusion

• Voice mail systems are very vulnerable

• Many cases exist to date of voice mail intrusions

• Laws are waffling about legality and privacy vs. security

• Security technology has not kept pace with hackers