Last January 04, we submitted an article entitled "The Top Seven
Threats To Your Computer in 2007" and we listed Voice over IP (VoIP) as
the number four threat. Two weeks later, the Computerworld website came
out with an article entitled "VoIP Soon To Be A Target Of...Hackers".
For those of you who are unfamiliar with Computerworld, it is a website
targetted more towards advanced computer users ("geeks" is the
industry-standard appellation).
VoIP is not an entirely new technology, in fact it has been around
since the mid-1990's. At that time, home internet users mostly
connected through dial-up and the maximum speed was 56Kbps. High speed
connections were limited mostly to big businesses who paid, what by
today's standards are, ridiculously high fees for dedicated
connections. High speed connection was a prerequisite for good quality
connections, otherwise the connections would be choppy when done
through dial-up.
Nowadays, with broadband internet affordable for households and
businesses around the world, VoIP has become a common internet staple.
Internet providers and telecommunications companies are falling over
each other offering competitive pricing for VoIP. Basically, the use of
VoIP has become widespread enough that spammers and cyber criminals
want in on the action.
The weaknesses of VoIP is in its very infrastructure and the protocol
it uses in order to transport the voice data. It comes as no surprise
that hackers are savvy enough to exploit these. Without getting into
technical details, VoIP's weakness figure prominently in its inability
to adapt with some older and existing firewalls. For those of you who
are not familiar with firewalls, they can either be hardware or
software applications that secure your personal computers and/or your
networks from unwanted traffic.
Needless to say, without a straightforward way to secure your voice
data, they can easily be exposed to any form of intrusion. The
Computerworld article mentions that it is extremely easy to listen in
on a call. And on the other end, it is also not at all difficult to
inject noise or spam into a conversation. This practice of injecting
spam is already being practiced enough to earn it the term "spit".
This practice of "spit" has attracted not just the spammers' attention,
but the scammers as well. The same article identifies hackers using a
particular phishing exploit to imitate the interactive voice response
system of actual companies. Imagine yourself using VoIP to call your
bank's automated voice response system to carry out some transactions
but in reality, you are interacting with a scammer's system. Can you
say identity theft fast enough?
Security appliances and applications on the providers' level is
available, but implementing them correctly is the challenge that they
face. There are many corporations these days who forbid their personnel
from conducting sensitive conversations via VoIP, Hewlett-Packard for
one. As a home user, you can take a cue from this type of corporate
policy. Most banks and other financial institutions provide toll free
numbers, so it is still safer to use the old conventional way of
picking up the phone and doing your phone transactions this way.
There is nothing more convenient and fun to talk to relatives and
friends in faraway places over the computer, but it is another thing to
have your finances wiped clean by cyber criminals. And the threat is
certainly real.