Copper Phone Lines Vs Fiber Optic & My Experience With Verizon

Rob Seastrom rs at seastrom.com
Mon Sep 28 15:46:20 CDT 2015


Richard Demaret <ric.demaret at gmail.com> writes:

> I tend to like copper, because it stays up during prolonged power outages.  I
> also wonder, if it is more secure.
>
> About a year ago, a ham radio operator told me he had renewed something online
> with a credit card on his cell phone.  I asked him if the cell phone signal
> is encrypted.  He said he didn't know.  It seems to me, if the cell phone's
> signal is not encrypted it would be unsafe for sensitive financial
> transactions either by voice or via the Internet.

GSM encryption is weak, 3g and 4g encryption may or may not be better
(not my department), but "analog signal in the clear" which anyone
with a scanner with a clipped diode can tune in went out with the 90s.

But you mentioned that your friend "renewed something online on his
cell phone", which would tend to suggest a web site not a voice call.
In this case it doesn't matter if the cell phone is encrypted - the
session to the web site will be https:// per the requirements of the
credit card processor.  The opportunity for mischief here is mostly in
terms of data at rest (see Target, Harbor Freight, etc) not data in
flight, and has nothing to do with cell phone or not.

> I have also heard about Internet phones --Voice Over IP. I believe Comcast has
> these. I have asked, if these Internet phones are encrypted, and was told, "I
> don't know." If they are not encrypted, they, I believe, would not be safe to
> use for sensitive business or financial discussions.

FiOS and Comcast phone services are both delivered over IP.  Your long
distance service probably is too, you just aren't aware of it.  Soft
switches are far less expensive (and cheaper to maintain) than a
traditional TDM Class 4 switch like a DMS250 or a 4ESS.  To answer
your question, it is unusual for the RTP G.711u data streams (over
UDP) to be encrypted.

But speaking as someone who once in the distant past was a teenager
with a can wrench and a butt set...  VoIP over either Comcast or FiOS
is exponentially harder to tap at the customer edge than your old
fashioned copper pairs.  Here's why:

Layer 2 on DOCSIS uses either 56 bit encryption (pre-D3.0) or 128 bit
AES.  Google for CM-SP-SECv3.0 (CableLabs is not that friendly to deep
linking) if you'd like to read the spec.

Layer 2 on GPON (FiOS) also uses 128 bit AES.  There have been some
comparative risk analyses on GPON that tell quite a bit about what's
under the hood, for example
https://www.sans.org/reading-room/whitepapers/networkdevs/comparative-risk-analysis-gpon-optical-lan-traditional-lan-technologies-34407

Long story short, the calls are encrypted from the standpoint of
anyone who has access to the outside plant, which is a lot better than
you can say for traditional copper pairs.  POTS is absolutely not safe
for sensitive discussions.  I don't do it and neither should you.

That said, credit cards are hardly "sensitive financial data" when
your maximum liability is $50.  You probably stick your credit card
into random gas pumps or convenience store POS terminals (that might
have skimmers attached) or hand it over to minimum-wage-minus servers at a
restaurant without a second thought.

I don't think there's anything wrong with your friend who renewed a
subscription online from his cell phone.  The security is orders of
magnitude more than adequate.

-r
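
Added example, not part of the original message: a defender's check for the point above that RTP G.711u streams over UDP are usually unencrypted. It parses the RFC 3550 header of one UDP payload and uses payload length as a heuristic; the SRTP tag sizes, function names and sample packets are assumptions constructed for illustration.

```python
import struct

PCMU = 0                      # RTP payload type 0: G.711 mu-law, 8 kHz (RFC 3551)
FRAME = 80                    # G.711 bytes per 10 ms of audio
SRTP_TAG_SIZES = {4, 10, 16}  # assumed auth-tag lengths: HMAC-SHA1-32/80, AES-GCM

def parse_rtp(pkt: bytes) -> dict:
    """Parse the RFC 3550 header of one UDP payload; return fields and payload."""
    if len(pkt) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    off = 12 + 4 * (b0 & 0x0F)                 # skip the CSRC list
    if b0 & 0x10:                              # X bit: header extension follows
        if len(pkt) < off + 4:
            raise ValueError("truncated header extension")
        (words,) = struct.unpack("!H", pkt[off + 2:off + 4])
        off += 4 + 4 * words
    if off > len(pkt):
        raise ValueError("header runs past end of packet")
    return {"pt": b1 & 0x7F, "padded": bool(b0 & 0x20), "seq": seq,
            "ts": ts, "ssrc": ssrc, "payload": pkt[off:]}

def classify(pkt: bytes) -> str:
    """Length heuristic: plain G.711 is whole 10 ms frames; SRTP appends a tag."""
    r = parse_rtp(pkt)
    if r["pt"] != PCMU or r["padded"] or not r["payload"]:
        return "unknown"                       # padded packets are not judged here
    extra = len(r["payload"]) % FRAME
    if extra == 0:
        return "cleartext-g711"
    return "likely-srtp" if extra in SRTP_TAG_SIZES else "unknown"

# Constructed sample packets (not captured traffic).
HDR = struct.pack("!BBHII", 0x80, PCMU, 1, 160, 0x1234ABCD)
CLEAR = HDR + b"\xff" * 160                    # 20 ms of mu-law silence
SRTP_LIKE = HDR + bytes(range(170))            # stand-in: 160 B ciphertext + 10 B tag
EXT = (struct.pack("!BBHII", 0x90, PCMU, 2, 320, 0x1234ABCD)
       + struct.pack("!HH", 0xBEDE, 1) + b"\x00" * 4 + b"\xff" * 160)

if __name__ == "__main__":
    for name, p in (("clear", CLEAR), ("srtp-like", SRTP_LIKE), ("ext", EXT)):
        print(name, classify(p))
```

A "cleartext-g711" result only means the payload length is consistent with unencrypted audio; the media profile negotiated in signaling is the authoritative answer.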


