A Study of Ten Popular Android Mobile VoIP Applications: Are the Communications Encrypted?

Mobile Voice over Internet Protocol (mVoIP) applications have gained increasing popularity in the last few years, with millions of users communicating using such applications (e.g. Skype). Similar to other forms of Internet and telecommunications, mVoIP communications are vulnerable to both lawful and unauthorized interceptions. Encryption is a common way of ensuring the privacy of mVoIP users. To the best of our knowledge, there has been no academic study to determine whether mVoIP applications provide encrypted communications. In this paper, we examine Skype and nine other popular mVoIP applications for Android mobile devices, and analyze the intercepted communications to determine whether the captured voice and text communications are encrypted (or not). The results indicate that most of the applications encrypt text communications. However, voice communications may not be encrypted in six of the ten applications examined.

[1]  Mudhakar Srivatsa,et al.  Privacy in VoIP Networks: A k-Anonymity Approach , 2009, IEEE INFOCOM 2009.

[2]  Takehiro Takahashi,et al.  An assessment of VoIP covert channel threats , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[3]  Claude E. Shannon,et al.  Prediction and Entropy of Printed English , 1951 .

[4]  Xuxian Jiang,et al.  On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers , 2009, ASIACCS '09.

[5]  Sushil Jajodia,et al.  On the anonymity and traceability of peer-to-peer VoIP calls , 2006, IEEE Network.

[6]  Peter Saint-Andre Extensible Messaging and Presence Protocol (XMPP): Core , 2011, RFC.

[7]  Xuxian Jiang,et al.  On the billing vulnerabilities of SIP-based VoIP systems , 2010, Comput. Networks.

[8]  S. Srbljic,et al.  Methods for lawful interception in IP telephony networks based on H.323 , 2003, The IEEE Region 8 EUROCON 2003. Computer as a Tool..

[9]  Xuxian Jiang,et al.  Voice pharming attack and the trust of VoIP , 2008, SecureComm.

[10]  Walid Dabbous,et al.  I know where you are and what you are sharing: exploiting P2P communications to invade users' privacy , 2011, IMC '11.

[11]  Tonghong Li,et al.  Implementation and Performance for Lawful Intercept of VoIP Calls based on SIP Session Border Controller , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[12]  Nikos Vrakas,et al.  A Call Conference Room Interception Attack and Its Detection , 2010, TrustBus.

[13]  Sushil Jajodia,et al.  Tracking Skype VoIP Calls Over The Internet , 2010, 2010 Proceedings IEEE INFOCOM.

[14]  Chia-Hui Wang,et al.  A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes , 2011, J. Netw. Comput. Appl..

[15]  Manuela Pereira,et al.  Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties , 2013, IEEE Transactions on Parallel and Distributed Systems.

[16]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[17]  Jan Seedorf,et al.  Lawful Interception in P2P-Based VoIP Systems , 2008, IPTComm.

[18]  Ching-Hsing Lin,et al.  VoIP interception in PcP SIP environment , 2010, 2010 The 2nd International Conference on Computer and Automation Engineering (ICCAE).

[19]  Ronaldo M. Salles,et al.  Detecting VoIP calls hidden in web traffic , 2008, IEEE Transactions on Network and Service Management.

[20]  Mehdi Jahanirad,et al.  Security measures for VoIP application: a state of the art review , 2011 .

[21]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[22]  Abayomi King,et al.  Automatic status updates in distributed software development , 2011, Web2SE '11.

[23]  Angelos D. Keromytis,et al.  A Comprehensive Survey of Voice over IP Security Research , 2012, IEEE Communications Surveys & Tutorials.

[24]  Nikos Vrakas,et al.  An intrusion detection and prevention system for IMS and VoIP services , 2012, International Journal of Information Security.

[25]  Philip S. Yu,et al.  Finding "Who Is Talking to Whom" in VoIP Networks via Progressive Stream Clustering , 2006, Sixth International Conference on Data Mining (ICDM'06).

[26]  R. Layton,et al.  Characterising Network Traffic for Skype Forensics , 2012, 2012 Third Cybercrime and Trustworthy Computing Workshop.