While I'm sure the likeliness/unlikeliness of this happening will be up in the air, has the VoIP industry (more importantly Ooma) taking steps to help mitigate this vulnerability? Any of the Ooma moderators care to weigh in, please?
http://news.techworld.com/security/1019 ... oip-calls/
http://www.pctools.com/industry-news/ar ... -18641973/
Looks pretty secure to me
Secure Real-time Transport Protocol: http://www.interop.com/lasvegas/exhibit ... s-SRTP.pdf
It looks as though the PDF document you referenced may have been published in 2007 prior to the study being release.
Here's the link to the JHU paper itself for those interested: http://www.cs.jhu.edu/~fabian/papers/oakland08.pdf
Also, the Techworld article states: "For mitigating such attacks, padding could be used to make the bit patterns less recognisable, the researchers argued. However, none of the default encryption transforms of the Secure Real-time Transport Protocol, a standard for secure VoIP calls, specify the use of padding, the researchers pointed out.
The JHU paper states (page 3): " ... Unfortunately, this approach can also cause substantial leakage of information in encrypted VoIP calls because, in the standard specification for Secure RTP (SRTP) , the cryptographic layer does not pad or otherwise alter the size of the original RTP payload.
It has my curiosity.