Skip to Content

How to Spot Suspicious VoIP signals

One way to steal data is to embed it in a voice call over the internet. Now network engineers are learning how to spot such attacks.

ISo-called Voice of Internet Protocol or VoIP makes for cheaper and more convenient calling but it also opens an important issue of security. Various people have described how it might be possible to to hi-jack VoIP signals to send confidential information.

These services break down voice signals into digital packets and send it over the internet, in exactly the same way as email or web traffic. Such a malicious attack might involve scanning your computer for interesting tidbits and sending them to a third party each time you make a VoIP call by modifying these packets in some way.

But how easy is it to embed data in a VoIP stream without being noticed? In theory, that ought to be easy to answer. After all, the protocols used to send information are well known. Surely it should be easy to see whether extra data has been added.

Actually no. One way to embed data is to change the order in which packets are sent according to a code. A malicious receiver can retrieve the embedded data by monitoring and re-ordering the packets without the listener being any the wiser. A simple measure of data rate would not spot such a scheme.

Then there is the technique of deliberately delaying certain packets filled with secret information, a technique called Lost Audio Packet Steganography or LACK. Delays are common on the internet and receivers deal with them by simply ignoring late arrivals. However, a suitably equipped receiver could extract any confidential information hidden in these delayed packets.

The only way to spot such attacks is to compare the traffic to ordinary signals and to see how it differs. But what does ordinary traffic look like?

Today, Wojciech Mazurczyk and buddies at the Warsaw University of Technology in Poland publish their study of the characteristics 100 ordinary VoIP calls made between Warsaw and Cambridge in the UK, a distance of some 1800 km . Their idea is characterise ordinary call data so that steganographic attacks can be easily spotted.

Their study throws up some surprises. It turns out that packets are never normally re-ordered in a way that could be used to hide data. So this kind of attack would be easy to spot.

However, data packets routinely get lost so distinguishing these from those that are deliberately delayed by a malicious attacker is hard.

So while VoIP might be cheaper and easier than other forms of voice calling, it may also be less secure. Mazurczyk and co say that more data is needed to study the natural charactersitics of VoIp over a wider range of conditions. But for the moment, it looks as if LACK is a real threat.

Ref: What are suspicious VoIP delays?

Deep Dive


Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.