janner43
Contributor
1,112 Views
Message 51 of 65

Re: BT Smarttalk security.

Call me paranoid 🙂

 

But, given that this thread was originally about app security, I was wondering how secure calls using this service will be? I guess that if I am out and use a public wifi access point, that the connection between the phone & the wifi point will be "in the clear" unless the app encrypts the data sent between the phone handset & the Internet.

 

At home, would the situation be any different? I know that the wifi connection is encrypted there, but what about the call itself?

 

I am thinking, for example, if calls to services such as telephone banking are made, when a password is involved. If the data from the app is unencrypted, then any unscrupulous person could intercept the data travelling across the Internet & "listen in" to the VoIP call made from the app & thereby have the ability to record security details.

 

Can someone from BT - one of the Community Managers monitoring/contributing to this thread advise on this please?

 

I mean, it is one thing if we are using the service to phone family when on holiday just to say hi, but something completely different if we want to take advantage of the ability to call 0870 or 0845 numbers via VoIP in this way when the risk of identity theft becomes more of an issue.

 

Thanks in advance. 🙂

 

 

0 Ratings
Distinguished Sage
1,109 Views
Message 52 of 65

Re: BT Smarttalk security.

The connection setup is encrypted and uses https, just like a secure bank connection, so nobody can capture the call setup details or login.

The call itself is just bits of data sent as a UDP stream and would be meaningless garbage.

It does not use the SIP protocol, like many VOIP solutions.

0 Ratings
janner43
Contributor
1,104 Views
Message 53 of 65

Re: BT Smarttalk security.

Thanks for that Keith, but while I understand https, sadly the rest of your answer is "all Greek to me" 🙂

 

I'll Google those terms, and really appreciate your swift answer, but would still value an "official" BT response as well. (No offence intended to you, as I appreciate your work on the forum. 🙂 )

0 Ratings
Distinguished Sage
1,100 Views
Message 54 of 65

Re: BT Smarttalk security.

You are very unlikely to get a response from BT, as it's a bit outside of their normal scope.

The SmartTalk product has been on trial since its inception, which was some time ago now, when it had another name. I was one of the triallists, plus some others on this forum as well.

The security has been improved beyond recognition since the early days, so you have nothing to be concerned about. I have looked at the traffic from the application, and it's very secure, otherwise I would not use it myself, so please do not worry.

0 Ratings
janner43
Contributor
1,099 Views
Message 55 of 65

Re: BT Smarttalk security.

Well a few minutes have passed & I have read up on your original reply Keith & it would appear to me as an inexperienced person, that the calls are not really that secure as they do not use SIPS...

 

This from the wiki entry...

 

"The increasing concerns about security of calls that run over the public Internet has made SIP encryption more popular. Most service providers that offer secure SIP (SIPS) connections use TLS for securing signalling. The relationship between SIP (port 5060) and SIPS (port 5061), is similar to that as for HTTP and HTTPS "

 

But, as I say, I know virtually nothing about this subject & am just trying to be careful. As we are all advised to be, these days, with the various advice given out about such matters. 🙂

 

I don't know if you can add anything further...

0 Ratings
Distinguished Sage
1,088 Views
Message 56 of 65

Re: BT Smarttalk security.

You are reading too much into it I'm afraid. SmartTalk does not use a standard protocol, just as Skype doesn't.

SIP is used in commercial VOIP applications so it can interconnect with digital services like ISDN30.

Traffic can be captured and analysed using standard software tools, and performance can be measured.

UDP is used because it has very little overhead, and is often used for streaming audio and video.

Encryption of the source and destination ensures that anyone intercepting the stream will just get random noise.

There is nothing more I can add. If you are still not happy, then don't use it.

0 Ratings
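
Added example, not part of any post in this thread and not BT's code: one way to check a captured UDP media flow against the "random noise" description above is to look for a cleartext RTP header and measure the byte entropy of the payload. The packets are constructed samples, and the function names and the 7.5-bit threshold are assumptions; high entropy is consistent with encryption but also with a compressed codec, so it cannot confirm encryption on its own.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_rtp(payloads) -> bool:
    """True if every datagram has RTP version 2 and sequence numbers step by 1."""
    seqs = []
    for p in payloads:
        if len(p) < 12 or p[0] >> 6 != 2:
            return False
        seqs.append(struct.unpack("!H", p[2:4])[0])
    return bool(seqs) and all((b - a) & 0xFFFF == 1 for a, b in zip(seqs, seqs[1:]))

def assess_stream(payloads, threshold=7.5):
    """Summarise a captured UDP media flow; threshold is an assumed cut-off."""
    rtp = looks_like_rtp(payloads)
    # A cleartext RTP header is 12 bytes; skip it so only the media is measured.
    body = b"".join(p[12:] if rtp else p for p in payloads)
    h = shannon_entropy(body)
    verdict = ("high entropy: encrypted or compressed" if h >= threshold
               else "low entropy: likely cleartext audio")
    return {"rtp_header": rtp, "entropy": round(h, 2), "verdict": verdict}

def sample_clear_rtp(count=50):
    """Constructed sample: G.711 mu-law RTP packets carrying near-silence."""
    quiet = bytes([0xFF, 0x7F, 0xFE, 0x7E]) * 40  # 160 bytes = 20 ms of audio
    return [struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234) + quiet
            for seq in range(count)]

def sample_opaque(count=50):
    """Constructed sample: SHA-256 output standing in for ciphertext."""
    return [b"".join(hashlib.sha256(b"%d-%d" % (i, j)).digest()
                     for j in range(6))[:172] for i in range(count)]

if __name__ == "__main__":
    for name, flow in (("clear", sample_clear_rtp()), ("opaque", sample_opaque())):
        print(name, assess_stream(flow))
```
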
Distinguished Guru
1,074 Views
Message 57 of 65

Re: BT Smarttalk security.

I can't offer technical assurances about VOIP security, but I think you need to take account of the arrangements that banks have in place. For example they usually only ever ask for part of a password, and it's stretching the imagination that someone is going to hijack enough calls to be able to construct the whole password, even if they were able to hijack the calls in the first place. Even then there are further layers of security before the culprit could obtain profit from your account. Moreover, while a security breach would be troublesome, any loss would be the bank's unless you had deliberately or carelessly divulged information to a third party.

 

It's also worth considering that the banks' security arrangements have developed around the standard telephone service. If copper wire is intrinsically easier to hack than VOIP, SmartTalk could actually be an improvement in security.  

 

Anyone unable to trust the technical assurances and the banks' own procedures would probably do better not to use the telephone for such business.

--
You can click the thumbs up icon below this message if you think it was helpful.
0 Ratings
janner43
Contributor
1,019 Views
Message 58 of 65

Re: BT Smarttalk security.


@Keith_Beddoe wrote:

The connection setup is encrypted and uses https, just like a secure bank connection, so nobody can capture the call setup details or login.

The call itself is just bits of data sent as a UDP stream and would be meaningless garbage.

It does not use the SIP protocol, like many VOIP solutions.


I've been reading up on the whole subject of VoIP security in the past few days - never too late to learn something new 🙂

 

I think I now understand that the BT service uses a proprietary system which works in the following way (if I understand Keith's quoted post & his subsequent posts)...

 

1. The call is dialled using the app & that initial setup & dialling is encrypted (using https ?) therefore making it secure

2. The content of the call may not be encrypted (I'm not sure on that point) but because the initial setup & dialling of the call is encrypted the content of the call itself, even if intercepted, would be unintelligible to any interception

 

I don't know if Keith or other knowledgeable person is still patient enough to reply to this further post - he has been patient with me until now :), but have I understood things correctly?

 

By the way, what does the little star icon with CL next to it stand for next to some posters? Is that like a forum moderator?

 

thanks in advance 🙂

0 Ratings
Distinguished Sage
1,012 Views
Message 59 of 65

Re: BT Smarttalk security.

From what I can discover, the call setup is secure and a cipher key is exchanged, which is then used to encrypt the UDP stream, just like a secure wireless connection would be, or a connection to your bank.

 

Anyone intercepting the stream would have to know the very secure key to decode the conversation.

So nothing to worry about, as BT would keep these keys very secure.

 

As far as the CL badge is concerned, this post will explain it.

 

Community Leader Programme update

 

CLs have a sort of "sub moderator" role, but are not BT Employees or paid by BT, they are just volunteers.

 

janner43
Contributor
1,006 Views
Message 60 of 65

Re: BT Smarttalk security.


@Keith_Beddoe wrote:

From what I can discover, the call setup is secure and a cipher key is exchanged, which is then used to encrypt the UDP stream, just like a secure wireless connection would be, or a connection to your bank.

 

Anyone intercepting the stream would have to know the very secure key to decode the conversation.

So nothing to worry about, as BT would keep these keys very secure.

 

As far as the CL badge is concerned, this post will explain it.

 

Community Leader Programme update

 

CLs have a sort of "sub moderator" role, but are not BT Employees or paid by BT, they are just volunteers.

 


Hi Keith,

 

Thanks for that 🙂

 

That explains things very nicely indeed. I have tapped the star icon next to the post, so hopefully it is now flagged as a "solution" 🙂

 

Thanks also for the information on the CL programme - & thanks for all your work here, too.

0 Ratings