Intelligent Solutions

Vulnerability in WiFi WPA2 (and VoIP encryption)

Simon Woodhead

Simon Woodhead

16th October 2017

When people say that ‘encryption is pointless‘ with regards to VoIP calls, isn’t it a good job that they’re only ever using VoIP in a closed, secure network that already has encryption baked in; like WiFi perhaps. Whilst this argument has no basis on almost any public WiFi (which is generally unencrypted), it now has no basis even on private WiFi given a newly discovered vulnerability in WPA2 implementations.

Thank goodness for end-users that ITSPs care so much for their privacy that all their VoIP traffic is encrypted regardless of transport. Because it is, right? Oh, wait…

We’ve always supported TLS and SDES but this has all got much better in our new stack. We’re delighted to see PCI sensitive customers using it actively but dearly wish 100% of traffic was encrypted for the sake of your end-users. They expect it, even if they don’t say so.

We again strongly urge all our customers to implement TLS/SDES both on the leg to us, and more-so on the leg to end-users. Whilst we may be about the only wholesale operator that even offers it, that does not make it any less necessary, desirable or diligent. If you insist on buying from ‘me too’ as well, perhaps ask them to buy a new magic box that respects end-users!

Related posts