Slashdot Mirror


VoIP's Security Vulnerabilities

garzpacho writes "Experts predict that attacks on VoIP systems could be right around the corner, and are calling for preemptive security measures. The BusinessWeek article compares the current state of voice-over-IP to the pre-spam email era and suggests that spammers could be the first to exploit the system. From the article: 'Here's what VoIP security breaches could mean for consumers. For starters, it's a big channel for spammers. Think of the Viagra ads that flood your e-mail inboxes now. They work because the cost of e-mailing thousands of people at once is so low, only 1% to 3% or so need to respond for it to be worth it, Ingevaldson says. Comparable economics apply to VoIP calls, he says. Then there are potential phishing attacks, where fraudsters posing as banks lead consumers to fake sites. Those and other attempts at identity theft could spring up via VoIP accounts too, experts say. Imagine the messages from relatives of deposed Nigerian dictators -- only this time they're on voice mail, too.'"

5 of 117 comments

  1. Whitelist Only by bahwi · · Score: 2, Interesting

    I know with Asterisk it should be possible to set up a database centric version of a whitelist, and only allow those calls in. All others are given infinite rings, or route-to-ex.

    Maybe the time is now to start this. If they have your #, they should have your email, IM, and there should be a web address with a captcha that gives 24 hour access or something? Maybe that's what it should do instead of infinite ring, "To access my phone, please go to www.whatever.com and type in the number you are trying to dial, and follow the instructions. Thank You."
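The database-backed whitelist with 24-hour captcha grants proposed in the comment above, as an added example that is not part of the original comment or of Asterisk. The table names, function names and the RING/ANNOUNCE results are assumptions; a PBX hook would map them to ringing the phone or playing the "go to the website" message.

```python
import sqlite3

DAY = 24 * 60 * 60  # lifetime of a captcha-earned grant ("24 hour access")

def open_db():
    """In-memory store for the example; a deployment would use a persistent database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whitelist (number TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE grants (number TEXT PRIMARY KEY, expires INTEGER)")
    return db

def normalize(caller_id):
    """Keep digits only so '+1 (555) 010-0100' and '15550100100' compare equal."""
    return "".join(ch for ch in (caller_id or "") if ch.isdigit())

def add_permanent(db, number):
    """Add a known contact to the permanent whitelist."""
    db.execute("INSERT OR REPLACE INTO whitelist VALUES (?)", (normalize(number),))

def grant_after_captcha(db, number, now):
    """Called by the (hypothetical) web page once the caller solves the captcha."""
    db.execute("INSERT OR REPLACE INTO grants VALUES (?, ?)",
               (normalize(number), now + DAY))

def screen_call(db, caller_id, now):
    """Return 'RING' for allowed callers and 'ANNOUNCE' for everyone else."""
    number = normalize(caller_id)
    if not number:  # withheld, empty or non-numeric caller ID
        return "ANNOUNCE"
    if db.execute("SELECT 1 FROM whitelist WHERE number = ?", (number,)).fetchone():
        return "RING"
    row = db.execute("SELECT expires FROM grants WHERE number = ?", (number,)).fetchone()
    if row and row[0] > now:
        return "RING"
    # Unknown caller or expired grant: clean up and play the announcement.
    db.execute("DELETE FROM grants WHERE number = ?", (number,))
    return "ANNOUNCE"
```

Caller ID is asserted by the calling side and can be forged, so a list like this reduces unsolicited call volume rather than authenticating who is calling.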

  2. e-mail is different. by just_forget_it · · Score: 2, Interesting

    E-mail can be presented in a much more convincing manner than voice mail. Spamming on VOIP would be more akin to telemarketing on traditional phones. E-mail spam is sent en masse and is impersonal.

  3. solved that problem by gstovall · · Score: 2, Interesting

    I solved this problem years ago. I programmed my (VoIP) phone service to respond to all anonymous calls with a message requesting them to put this number on their DO NOT CALL list. Then dropped them immediately into voice mail in case there really WAS something they wanted to say. In the initial voice mails, I heard lots of background noise, and people saying, "Hey! Listen to this!" to their coworkers, but they all got the hint.

  4. Re:Reliability is lower too by aonic · · Score: 2, Interesting

    "All high-speed Internet providers that I have ever had (Comcast, Yahoo/SBC/AT&T) suffer outages periodically - say, about once every two months for several hours on the average, and this is only the outages that I know about, since I don't use my home computer all the time. Happens at work too - at one time our business DSL was out for two days (thank you "new" AT&T). The electrical power has also been out several times. At the same time I don't remember a single problem with my land line. Note that I live in the San Francisco Bay Area, so this is a relatively high-tech place."

    Note that the San Francisco Bay Area (I'm from San Jose myself) was one of the first markets with a huge demand for broadband. Our infrastructure is TERRIBLE (partially because of the TCI->AT&T->Comcast mess). On the other hand, in areas that didn't have a giant push for broadband immediately, such as Boulder, CO (where I'm going to school), Comcast was able to, given an extra four or five years, completely revamp its infrastructure. We have almost flawless broadband in CO (a relatively low-tech place, at least in some areas), whereas at my parents' house in CA, the internet STILL goes down for an hour or so every other day at around 2am.

    The population density also makes a difference, too. DSL in the bay area is terrible because you might have 20 houses multiplexed onto a given local loop where in most cities there would be four or five. The cable network is only able to support somewhere around the lines of 38 megabits per cable head-end, and when you have something like five million people in the south bay alone, each one running at six megabits, that's a lot of cable sub-networks.

  5. Challenge/Response Sucks by patio11 · · Score: 2, Interesting

    I hate challenge/response systems with a burning passion. Every time I get a C/R email it might as well have Subject: My Time Is More Valuable Than Your Time. I would be pretty incensed if businesses I had to call implemented this -- it's bad enough that I have to deal with menu heck to get to an actual human being if I dial the generic tech support line, but if I'm dialing Mr. I Have Your Business Card then I had darn well better get him or his voice mail as soon as the phone picks up. If the matter weren't urgent enough so that I wouldn't mind going to a website and waiting for a reply I would have sent a bloody email.

    And C/R captchas will be circumvented the exact same way it's circumvented for email and registrations -- if it takes 5 seconds to get through the captcha then your callcenter in China (hidden behind 45 proxies to appear that it originates in your compromised American box) can send 1200 spams per operator per hour. That costs, let's see, about a quarter for a thousand spams.