How to wiretap voice calls with the AVM Fritz!Box and Wireshark

No, there is no more strange noise in your phone line when someone listens in. Today, nobody who wants to listen to what you say on your phone needs to slice open cables or tap into roadside phone boxes. The tools to monitor your calls are already built into your wireless router, and whoever has access to it can breach your privacy.

In this article I will describe how you can record the data stream going through a DSL router made by the German manufacturer AVM. Their router brand “Fritz!Box” is very famous in Germany for its reliability and security. But it also comes with a powerful debugging feature that allows all data, including phone calls, to be captured. The capture feature is not a secret, but most users will not know it exists. I learned about it while I was talking with AVM’s tech support to troubleshoot VoIP calls that had connection problems.

To understand how calls can be intercepted, one must know that on modern VDSL landline connections phone calls are transmitted over the internet connection. That you have an analog or ISDN phone connected does not mean your calls are handled separately. Your router is just emulating the old phone line.

The picture above shows the (simplified) setup. Note that voice data is transported in the same data stream as your other internet data. The protocols used are SIP for signalling and RTP for transport of voice data. RTP is not encrypted and therefore calls can be easily monitored. The more secure SRTP protocol is not commonly used.

How it is done

To record phone calls on your Fritz!Box router, proceed as follows:

1. Log into the web interface on http://fritz.box/ or http://<your_routers_ip_here>

2. After authenticating as an admin user, open this address: http://fritz.box/html/capture.html

The capture interface “Paketmitschnitt” of a Fritz!Box Router

3. Choose the first connection (here: 1. Internetverbindung) and press “Start”. Your browser starts a continuous download of a file that contains a copy of all the data going through the line, and it keeps downloading until you press “Stopp”.

4. Open the file you just downloaded with Wireshark. Find the SIP and RTP packets, and analyze them. Wireshark has a feature to listen in on VoIP calls.

In Wireshark’s RTP Player the call can be decoded and played.

How to protect yourself

So you just tried it yourself and were able to listen in on your own calls? This means that your Phone/Internet provider is not encrypting your calls and that everyone who can intercept the data between your router and the destination server of the RTP packets can monitor your calls.

But you can at least make it harder for someone who broke into your computers or network to spy on your calls. Here are my recommendations:

  1. Make sure your Fritz!Box router has the latest firmware installed. AVM is very thorough in patching security issues.
  2. Use different, strong passwords for your router’s web interface and your Wi-Fi. Do not give the router password to anyone and do not write it on the router.
  3. Use the built-in security diagnosis feature to find potential threats.
  4. If possible, use SRTP instead of RTP. Ask your provider for support.
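
To check whether your own line negotiates SRTP at all, you can inspect the SDP body of a SIP INVITE or 200 OK message from your own capture. The following Python sketch is an added example, not part of the original article and not AVM or Wireshark code; the function name, the verdict labels and both sample messages are assumptions made for illustration.

```python
# Added example: classify the media streams offered in a SIP message's SDP body.
# Both samples are constructed for illustration, not taken from a real capture.
SAMPLE_PLAIN = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 7078 RTP/AVP 8 0\r\n"
    "a=rtpmap:8 PCMA/8000\r\n"
)
SAMPLE_SRTP = SAMPLE_PLAIN.replace("RTP/AVP", "RTP/SAVP") + (
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY\r\n"
)


def classify_media(sip_message):
    """Return [(media, port, proto, verdict)] for every m= line in the SDP body."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    streams, session_keying, current = [], False, None
    for line in body.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:
                current = {}  # malformed media line: swallow its attributes
                continue
            current = {"media": fields[0], "port": fields[1],
                       "proto": fields[2], "keying": session_keying}
            streams.append(current)
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if current is None:
                session_keying = True  # session-level, applies to all media
            else:
                current["keying"] = True
    result = []
    for s in streams:
        if "SAVP" in s["proto"].upper():  # RTP/SAVP, RTP/SAVPF, UDP/TLS/RTP/SAVP
            verdict = "srtp" if s["keying"] else "srtp-without-keying"
        else:
            verdict = "optional-srtp" if s["keying"] else "plain-rtp"
        result.append((s["media"], s["port"], s["proto"], verdict))
    return result
```

Run it on both the INVITE and the 200 OK answer: the answer shows what was actually agreed, and a verdict of `plain-rtp` there means the voice stream is unencrypted.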

Conclusion

The capture feature of AVM’s Fritz!Box is a mighty tool and very useful for professionals and support specialists to analyze problems with the Internet connection or protocols. The Fritz!Box routers are generally considered safe.

The greater problem is the fact that calls are sent to the provider unencrypted. This becomes a big issue when users rely on another SIP provider. Then their calls are often transported over the internet and third parties might be able to listen in. Another problem is calls made from VoIP devices inside a home or company network. These calls could be intercepted inside the company network by individuals who know how to redirect and sniff traffic.


The feature image shows a device to wiretap fiber cables. The photo was taken by 1971markus@wikipedia.de at the German Museum of Technology. © 1971markus@wikipedia.de [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons