Anyone familiar with digital telephone?

[erik]

I just moved to a condo complex that has phone through the cable company. Unfortunately, I didn't know this until I moved in and payed to have my analog service moved. My neighbor gets a 44kps modem hook-up with their service while I'm stuck with 21kps on a copper line. What I need to know is if digital phone is secure. Can anything sent over the line reach other users like broadband cable? OR, is this technology different?

-johnson

[Bobby Lee]

I get my phone, cable and broadband internet all over the same cable wire. It works well. I never thought about the security issue, though. I have no idea how it works, or if it is more "hackable" than the switch that handles your copper wire.

The cable company views it as 3 different services, and sends me 3 different bills each month. They can't figure out that "Robert Lee" and "Bob Lee" are the same person. Twice I filled out forms saying that "Robert Lee" agrees to let "Bob Lee" pay his bill, and that "Bob Lee" agrees to pay the bill for "Robert Lee", so that they could consolidate the bills. Never happened. When I sent one check to pay two of the bills, they got so confused that they lost the check!

Their billing system is really secure!

------------------
<font size="1"><img align=right src="http://b0b.com/Hotb0b.gif" width="96 height="96">Bobby Lee - email: quasar@b0b.com - gigs - CDs, Open Hearts
Sierra Session 12 (E9), Williams 400X (Emaj9, D6), Sierra Olympic 12 (C6add9),
Sierra Laptop 8 (E6add9), Fender Stringmaster (E13, A6),
Roland Handsonic, Line 6 Variax</font>

[erik]

Yeah, but in my case I just want the phone so I can get a fast dial-up connection. I don't plan on buying cable or broadband. Would be interesting if anyone knows how this stuff works and whether a phone conversation can be tapped or sniffed through the line by any user. This was the knock against broadband - that when you send out information it goes everywhere instead of just it's intended destination - like one big party line.

-johnson

[Ray Minich]

Dont worry about "eavesdropping". The NSA has us all covered. If anyone says anything that's interesting, the big computer underground in Virginia will know about

Digital eavesdropping is as easy as analog. Put anything on the net and you're fair game. It's all TCP/IP (i.e. packets) anyway.

There's no need to be paranoid, they really are out to get you...

[C Dixon]

I have some news for you precious folks. Ever seen those tall green or tan metal boxes sitting on a concrete pad somewhere in your neighborhood? Well some of them are collection points where your and your neighbors' telephone lines are connected to a large feeder cable or in some cases is converted to digital in the powered boxes.

Many a telephone man has gotten his jollies hundreds of times by eavesdropping. It has been going on since the days when the town "operator" eavesdropped. It has happened thousands of times in central offices where most telephone subsciber numbers (lines) are brought into the building since the beginning also.

I could not believe some of the stories I heard when RCA entered the telephone business in '67 and I was thrown into an all new domain in my career. Then I witnessed it many times.

Illegal? Unethical? Of course. Enforced? As rare as hens teeth. It is part of the sins of man. My best advice is to grin and bear it. Also, say only those things you do not give a hoot who knows it. Same goes for emails or any other form of communication including word of mouth.

carl

[Jeff Agnew]

<SMALL>Would be interesting if anyone knows how this stuff works and whether a phone conversation can be tapped or sniffed through the line by any user.</SMALL>

If what you have is Voice Over IP (VoIP) then the answer is yes. VoIP is quite different from a digital telephone system or PBX. Voice is converted to a simple Ethernet stream and sent over the 'Net, which can be sniffed with a standard tool since there is no distinction at that point between VoIP traffic and normal data.

Did they run traditional twisted pair for your analog line or do you plug into the same type of jack as your buddy with "digital"?<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Jeff Agnew on 28 May 2004 at 03:03 PM.]</p></FONT>

[erik]

Hi Jeff, thanks for the answer. I'll have to get more details and post again in a few days. What I'm concerned about is if I hook up my modem to this line will I need to be concerned about sending passwords or credit card numbers over it in comparison to a standard analog line. Am I correct in that broadband internet is less secure because information is sent in every direction? I'm not sure that the digital phone works on the same principal.

[Jim Smith]

If this is really a digital phone line, your analog modem won't work, and I'm not aware of any digital modems. Our Audix system at work is considered digital, and we have a few analog lines for when we need to use a modem.

This sounds like something you need to discuss with your neighbor and the provider before making your decision. See what kind of modem your neighbor is using.

[Ray Minich]

The internet is the internet, it doesn't matter whether yer hooked up broadband, DSL, Dial-up, or StarBand (Starband uses a 14 watt transmitter in the button hook of a Dish Network "Pizza Dish" antenna). Port 80 is HTTP is Web Surfing and the only difference in the packets between the different connections is their SPEED.

Don't do credit cards over the internet unless you see the lock in the browser, and then be real careful. The bad guys are getting REAL GOOD at spoofing valid secure websites. The internet is still an unsecure and dangerous place.

Personally, I do very very little Internet commerce. I'll find the product via the net but place the order by phone. Already had to have my corporate purchasing card replaced due to vendors data base being cracked.

Paranoia.... wash it down with a favorite beverage.

[erik]

Jim, neighbor is using dial-up modem. They have AOL and use java to play online games. They claim their connection is 44kbps. No way could they play java games with the connection I get at 21kbps.

Ray, I have used my credit card online at least 100 times with only one erroneous charge.

[Ray Minich]

Horror story from fellow employee... He was buying fishing gear online from a site that didn't present a lock in the browser. Made purchase on a Saturday. Web page hiccupped when he hit the "buy" button. Tuesday morning he gets a call from his bank asking if he really wants to charge $1700 in computer books at Amazon.com. Had to void credit card and get new card from bank. Web page was spoofed/impostered.

Use all of the security measures available. Make sure your browser is at least up to 128 byte key encryption. Make sure you see the "security" lock on your browser when you go the the "online checkout". Never put credit card or financial information in regular e-mail. Remember that when you put your info on a web page you are sending packets into the net that can be seen all over the world immediately.

For the most part, if you follow the security measures, web based commerce is fairly safe.

PS: The dial-up connection speed that Windows reports in the dialog box is sometimes a bit optimistic. <FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Ray Minich on 29 May 2004 at 07:34 AM.]</p></FONT>

[erik]

Ray, all I can say is I know how to protect myself. My browser is only 64bit. My concern with my initial post is digital phone over cable not the internet per se.

Jeff, the scoop is they use a box in the basement that ties my wires into their cable. It is digital and I can use any normal phone apparatus.

[Bobby Lee]

<SMALL>Am I correct in that broadband internet is less secure because information is sent in every direction?</SMALL>

No, that's not correct. The packet encryption happens in your computer, and the decryption happens at the server. The physical nature of the TCP/IP connection has nothing to do with it.

IP packets are inherently insecure. They can be sniffed anywhere, and their routing is unpredictable (by mere mortals, anyway). You can assume that anything not encrypted is like a postcard sitting in a glass mailbox.

Digital cable phone service is not IP. In fact, most phone service becomes digital at the switch anyway. You don't have to worry about internet hackers listening to your phone calls unless you're using "voice over IP", an Internet-based technology.

Carl rightly points out that telephone company employees can listen to your calls. If you switch to cable phone, then cable company employees will be able to listen to your calls. Who do you trust more? Sounds like a tossup to me.

------------------
<font size="1"><img align=right src="http://b0b.com/Hotb0b.gif" width="96 height="96">Bobby Lee - email: quasar@b0b.com - gigs - CDs, Open Hearts
Sierra Session 12 (E9), Williams 400X (Emaj9, D6), Sierra Olympic 12 (C6add9),
Sierra Laptop 8 (E6add9), Fender Stringmaster (E13, A6),
Roland Handsonic, Line 6 Variax</font>

[Jeff Agnew]

<SMALL> ...they use a box in the basement that ties my wires into their cable. It is digital and I can use any normal phone apparatus.</SMALL>

Based on that description I'd say they're running VoIP for the entire building. Note that this is not the same as a digital phone system. Digital PBXs require digital phones or an adapter for analog devices. These then connect to your phone company's CO. But if the building is providing you the actual voice service (as opposed to a Bell-like company such as SBC or Verizon) then they're sending all voice traffic over the net. This is the hottest thing in telecom.

Come to think of it, it's the only thing in telecom at the moment. Everything else died.

So my answer to your original question stands: yes, your voice traffic can be monitored. It's not trivial to do so, but the average hacker wouldn't bother. Three-letter agencies are, of course, another story. But they can already monitor your analog traffic although it requires a warrant. Unfortunately, the PATRIOT act and VoIP have made that a moot point since the old laws so far don't apply to the new voice technologies.

[Bobby Lee]

I seriously doubt that the cable companies are using VoIP for phone service, Jeff. First of all, the sound and connection quality are identical to what I had before I switched. As I understand it, VoIP still has issues.

I believe that the cable company simply assigns some bandwidth on the cable for their voice customers, and then switches it into the local "Baby Bell" network at the neighborhood switch box. I might be wrong, but I wouldn't expect VoIP on the public internet to be as transparent as the service I'm getting.

They could be doing VoIP over a virtual private network, to get it to the switch. A hacker would have to crack the VPN first, assuming that the cable company even connects this stuff to the public internet.

------------------
<font size="1"><img align=right src="http://b0b.com/Hotb0b.gif" width="96 height="96">Bobby Lee - email: quasar@b0b.com - gigs - CDs, Open Hearts
Sierra Session 12 (E9), Williams 400X (Emaj9, D6), Sierra Olympic 12 (C6add9),
Sierra Laptop 8 (E6add9), Fender Stringmaster (E13, A6),
Roland Handsonic, Line 6 Variax</font>

[Donny Hinson]

And...if you use a cordless telephone in your house, any neighbor with a scanner can "LISTEN IN". The same is true for most cell-phones.

Hard-wired phones are still more secure than any wireless technology.

[Jeff Agnew]

<SMALL>I seriously doubt that the cable companies are using VoIP for phone service, Jeff.</SMALL>

That's not what I said. Or at least, not what I intended. His local condo may be offering phone service. It's a new development, but not unheard of. Many large buildings have offered net access for years. They negotiate a deal with an ISP and share the bandwidth with tenants. Some are now offering local phone service (using VoIP) because they've already got the infrastructure in place. For example, AT&T's Call Advantage is a single-user version of their business program offered to large installations.

<SMALL>First of all, the sound and connection quality are identical to what I had before I switched. As I understand it, VoIP still has issues.</SMALL>

Well, I have a VoIP phone sitting on my desk right now and I've never had anyone comment on its lack of quality during a conversation. But certainly a poorly designed network or incorrect VoIP configuration can make it sound terrible. The jitter buffer setting is critical.

<SMALL>They could be doing VoIP over a virtual private network, to get it to the switch.</SMALL>

I've never seen a VoIP spec that supported VPN. Not to say some idiot won't try it but the latency caused by the VPN encryption would likely make it unusable.

<SMALL>...assuming that the cable company even connects this stuff to the public internet.</SMALL>

Critical point. And one I failed to explain very well in my original comment to Erik. VoIP is not necessarily the same beast as Internet telephony. In its current implementation, it's value is in replacing PBXs and separate voice wiring in large companies and institutions. The VoIP switch itself connects to the local CO in the traditional manner. It never touches the Internet unless the company uses net-based telephony for long distance.

This is different from companies like Vonage, that use the net for all their connectivity. Or from you buying a SIP phone and taking it with you when you travel, turning all your calls into local calls.

All that said, I likely read too much into Erik's original post. He's probably getting the same cable-based traditional service you are. But I've spent the last 18 months working with a client who is a major VoIP vendor and it's hard to get that stuff out of my limited gray-matter space. Their newest product just reduced a four-foot high conventional PBX to a single rack space unit that uses VoIP. It's cool stuff.

And if Erik is still listening, here's the answer I should have given in the first place:

Any phone service (analog, digital, cable, VoIP, whatever) is unsecure unless it's scrambled. Even that's crackable by those with enough resources. But it's not likely.

[Ray Minich]

Could the basement box be a frame relay connection to a T1 line?

[erik]

Let me clarify:

I live in a older condo complex. It was once an apartment setup. Many people here have cable tv (me not one of them). The cable company apparently pitched their phone service to all their customers, everywhere. The homeowner must grant permission for them to attch their box to the phones lines that lead to the jacks. So the phone is no doubt carried over their cable. I myself was told I need permission from the condo board for them to install a box on my phone lines. They ARE trying to get "right of way" through the whole complex but the condo board is trying to get a deal for all before granting it.

-johnson

[erik]

I have a new question: I can get a cell phone (that I know gets great reception at my home) and get a plan where I can use my computer over it for free nights and weekends for $79. My coworker has the plan he just doesn't have a computer right now. How safe is it to transmit credit card data or do online banking with such a setup? Also, is it dangerous to tele bank on a cell phone? I always call my bank and punch in my SS number to get access to my account. Same goes for credit card banks to check balances, etc. Couldn't any scanner pick up my keypad tones? It just seems risky.

[mickd]

at least some VoIP service offerings use IPSEC encryption (with the IPSEC typically done in the PC). Even if you don't encrypt the VoIP, it'll be a load more trouble to eavesdrop an IP call than a traditional circuit-switched one. At some telephone exchanges it has been known for bored engineers to patch 'interesting' calls through to the tannoy system