ExpressVPN Glossary
Internet telephony
What is internet telephony?
Internet telephony is the delivery of voice communication over IP networks instead of traditional telephone systems that rely on dedicated circuit-switched lines.
It enables voice calls using internet-connected devices such as computers, smartphones, or IP phones, often through applications or services designed for online communication. Internet telephony may also connect to traditional telephone networks through specialized gateways.
The term is closely related to Voice over Internet Protocol (VoIP), the technology that enables this form of communication.
How does internet telephony work?
During a call, the user’s voice is captured and converted into digital audio. A codec (such as Opus or G.711) then encodes and compresses the audio data. The encoded audio is commonly carried in Real-time Transport Protocol (RTP) packets, typically with about 20 milliseconds of audio per packet, though packet sizes vary by codec, configuration, and network conditions. RTP is usually carried over User Datagram Protocol (UDP) to reduce latency.
The packets travel across the network to the receiving device, which uses buffering and sequencing information to play the audio in order, where possible. Late or missing packets may be concealed or dropped. This process allows the call to happen in near real time.
Many internet telephony systems also rely on signaling and media protocols. Session Initiation Protocol (SIP) handles call setup, management, and termination, while RTP carries the audio stream.
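The receiver-side sequencing described above can be sketched as follows. This is an added example, not code from the original page: it parses the fixed RTP header defined in RFC 3550 and orders one buffered window by sequence number, including wraparound past 65535. The function names, the window model, and the sample packets are assumptions constructed for illustration.

```python
import struct

def parse_rtp(packet: bytes) -> dict:
    """Parse the fixed RTP header (RFC 3550) and return fields plus payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)            # skip optional CSRC list
    if b0 & 0x10:                            # X bit: header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    if len(packet) < offset:
        raise ValueError("truncated packet")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": packet[offset:]}

def playout_order(packets, first_seq):
    """Order one buffered window; return (payloads, missing_seqs).

    Sequence numbers are 16-bit, so distances are taken modulo 65536.
    A None entry marks a gap the receiver would conceal or skip.
    """
    by_offset = {}
    for raw in packets:
        try:
            hdr = parse_rtp(raw)
        except ValueError:
            continue                         # malformed input is dropped
        dist = (hdr["seq"] - first_seq) & 0xFFFF
        if dist < 0x8000:                    # ignore packets older than the window
            by_offset.setdefault(dist, hdr["payload"])   # first copy wins
    if not by_offset:
        return [], []
    span = range(max(by_offset) + 1)
    ordered = [by_offset.get(i) for i in span]
    missing = [(first_seq + i) & 0xFFFF for i in span if i not in by_offset]
    return ordered, missing

def _pkt(seq, payload):
    # Constructed sample: version 2, payload type 0 (G.711 mu-law), 160 samples per 20 ms
    return struct.pack("!BBHII", 0x80, 0, seq, (seq * 160) & 0xFFFFFFFF, 0x1234) + payload

# Constructed arrival order: reordered, wrapping past 65535, one duplicate, seq 2 lost
SAMPLE = [_pkt(65534, b"p0"), _pkt(0, b"p2"), _pkt(65535, b"p1"),
          _pkt(3, b"p5"), _pkt(1, b"p3"), _pkt(1, b"dup")]
```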
Modern carrier internet telephony also uses Secure Telephone Identity Revisited (STIR) / Signature-based Handling of Asserted information using toKENs (SHAKEN), a framework for cryptographically authenticating caller ID information in SIP-based calls. The originating provider signs caller ID information using a Personal Assertion Token (PASSporT), and downstream providers can verify the signature and attestation level to help determine whether the calling number was authorized or likely spoofed.
The Federal Communications Commission (FCC) required U.S. voice service providers to implement STIR/SHAKEN in the IP portions of their networks by June 30, 2021, with extensions and later obligations for some provider categories.
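The claim checks a downstream provider applies to a PASSporT can be illustrated with this added example, which is not code from the original page or from any provider. It decodes the compact token and checks the header, attestation level, calling number, and freshness. It does not verify the ES256 signature, which a real verifier must do against the certificate referenced by `x5u`. The function names, the 60-second freshness window, the HTTPS requirement, and the sample token are assumptions.

```python
import base64, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def check_passport(token, from_tn, now, max_age=60):
    """Return (attest, problems) for a compact-form SHAKEN PASSporT.
    Structural and claim checks only: the ES256 signature must still be
    verified against the certificate referenced by x5u before trusting this.
    """
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(head_b64))
        claims = json.loads(_unb64url(body_b64))
    except ValueError:
        return None, ["malformed token"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None, ["malformed token"]
    problems = []
    for key, want in {"alg": "ES256", "typ": "passport", "ppt": "shaken"}.items():
        if header.get(key) != want:
            problems.append(f"header {key} is not {want}")
    if not str(header.get("x5u", "")).startswith("https://"):   # assumed policy
        problems.append("x5u is not an https URL")
    if not sig_b64:
        problems.append("signature missing")
    attest = claims.get("attest")
    if attest not in ("A", "B", "C"):        # full, partial, gateway attestation
        problems.append("unknown attestation level")
    orig = claims.get("orig")
    if not isinstance(orig, dict) or orig.get("tn") != from_tn:
        problems.append("orig.tn does not match the SIP caller number")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > max_age:
        problems.append("iat missing or stale")
    return attest, problems

def make_sample(iat, attest="A", tn="12025550123"):
    # Constructed token with a placeholder signature; all values are made up.
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.invalid/sp.pem"}
    claims = {"attest": attest, "dest": {"tn": ["12025550199"]}, "iat": iat,
              "orig": {"tn": tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    parts = [json.dumps(header).encode(), json.dumps(claims).encode(), b"placeholder-sig"]
    return ".".join(_b64url(p) for p in parts)
```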
Where is internet telephony used?
Internet telephony is widely used in environments where flexibility, scalability, and cost efficiency are important, for example:
- Business phone systems: Many organizations use internet telephony to replace legacy private branch exchange (PBX) systems with IP-based or cloud-based solutions. This allows multiple locations to operate on a shared IP network.
- Call centers and help desks: Internet telephony supports high call volumes and integrates easily with software tools such as customer relationship management (CRM) systems. This makes it well-suited for routing calls, tracking interactions, and managing support workflows.
- Remote work environments: Distributed teams rely on internet telephony to communicate without physical office phone lines. Employees can take calls from anywhere using desktop or mobile apps over a data connection, often alongside messaging and video features.
- International voice communications: Organizations commonly use internet telephony for long-distance and cross-border calls because routing over IP networks can reduce costs compared to legacy telecom services.
Risks and privacy concerns
Internet telephony introduces several security and privacy risks because voice data travels over IP networks and can inherit many of the same risks as other networked services.
- Call interception: Attackers can capture voice packets in transit on unsecured networks or systems that lack proper encryption.
- Metadata exposure: Even when call content is protected, metadata such as call timing, duration, IP addresses, and endpoints can reveal communication patterns and user behavior.
- Voice-data exposure in transit: Without strong media encryption, an attacker with access to the network path may be able to capture and reconstruct voice traffic. Secure protocols such as Secure RTP (SRTP) can protect the audio stream, but some deployments may still use or fall back to unencrypted RTP, especially in mixed or legacy environments.
- VoIP phishing, spam, and toll fraud: Attackers can exploit internet telephony systems through vishing (voice phishing), spam over internet telephony (SPIT), or unauthorized calling to trick users, send unwanted calls, or abuse paid calling resources.
- Unauthorized access: Improperly configured VoIP systems with open ports, weak authentication, or unsecured servers can expose the system to intruders who may intercept calls, disrupt service, or abuse resources.
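For the unencrypted-RTP fallback risk listed above, a defender can audit the SDP bodies exchanged during SIP call setup. This added example is not from the original page: it classifies each media section by transport profile and keying attributes. The verdict labels and the sample SDP are assumptions constructed for illustration.

```python
def audit_sdp(sdp: str):
    """Classify each media section of an SDP body by media protection.

    Returns (media, proto, verdict) tuples. Verdicts: 'encrypted' (SRTP profile
    with keying), 'unkeyed' (SRTP profile, no keying attribute), 'opportunistic'
    (plain profile that also offers keying, so it may fall back to RTP),
    'cleartext' (plain RTP) and 'disabled' (port 0).
    """
    session_keyed, sections = False, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:
                continue                      # malformed media line
            sections.append({"media": fields[0], "port": fields[1],
                             "proto": fields[2].upper(), "keyed": False})
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if sections:
                sections[-1]["keyed"] = True  # media-level SDES or DTLS keying
            elif line.startswith("a=fingerprint:"):
                session_keyed = True          # session-level DTLS fingerprint
    results = []
    for s in sections:
        keyed = s["keyed"] or session_keyed
        if s["port"].split("/")[0] == "0":
            verdict = "disabled"
        elif "SAVP" in s["proto"]:            # RTP/SAVP, UDP/TLS/RTP/SAVPF, ...
            verdict = "encrypted" if keyed else "unkeyed"
        else:                                 # RTP/AVP, RTP/AVPF
            verdict = "opportunistic" if keyed else "cleartext"
        results.append((s["media"], s["proto"], verdict))
    return results

# Constructed SDP offer; addresses are documentation ranges, the key is a placeholder.
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY
m=audio 40002 RTP/AVP 0 8
m=audio 40004 RTP/AVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY
m=video 0 RTP/AVP 96
"""
```

Keys carried in `a=crypto` lines are only as private as the signaling channel, so an 'encrypted' verdict still depends on SIP itself running over TLS.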