Slashdot Mirror

← Back to Stories (view on slashdot.org)

Voice Over IP Under Threat?

Posted by Zonk on from the keeping-phone-calls-expensive dept.

An anonymous reader writes "The IT Observer is discussing the possible scary future of Voice over IP targeted viruses, and what that could mean for the consumer. The article discusses the likelihood that VoIP is going to become even more popular, and the damage that a targeted 'flash virus' could perpetrate in a very short amount of time. From the article: 'Let's imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name Bank, with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of email addresses using code that simply enters users' address books and modifies any entry under the name Bank to 987-65-43. ... If any of these users receives a message saying that there is a problem in their account, and asking them to call their bank (a typical phishing strategy), they may not be suspicious, as they are not clicking on a link in an email ... If they use their VoIP system to call the bank, they will be calling the modified number, where a friendly automated system will record all their details. ' "

7 of 148 comments (clear)

  1. Logical progression by CommunistHamster · · Score: 5, Insightful

    This seems a logical progression of phishing, but it's hardly going to be a large impediment to the adoption of VOIP. Phishing hasn't dissuaded people from using email.

  2. VoIP-Spam is another threat by Rastignac · · Score: 3, Insightful

    Spams in my inbox is painfull. Spams using VoIP will be very very painfull.
    VoIP will be cheap enough for spammers, and easy to handle by spamrobots...

    --
    -- Rastignac was here.
  3. Why would this threaten VoIP? by Raistlin77 · · Score: 5, Insightful

    I would say there are likely far more people who use regular landlines and cell phones and don't use VoIP, but that do still maintain phone books on their computers. If they call with their regular phone, the same will occur. Why drag VoIP into the cross-hairs alone?

  4. VERY UNLIKELY, see why... by crazyjeremy · · Score: 3, Insightful
    This seems to be a misleading article. Most phishing techniques do not use elaborate setups as suggested. They use very simple techniques. Oddly enough, the article author seems to agree.
    Evidently, this would require a large degree of innovation, research and development on the part of the creators of malicious code, and I genuinely doubt that they would bother.
    The potential scenerio quoted in the post is so far fetched, it's doubtful anyone will ever pull it off. It involves hacking their voip system, home computer (and address book), a mass-mailing spam which happens to also include the email address of the hacked computer, user intervention (they must read the spam and respond), and the hacker must also have a good enough radio voice to fool the homeowner into thinking he's actually calling his real bank. Don't know about you, but we're not to afraid of this possible Voice over IP threat.
    --
    Funnypics
  5. Re:You could just stop using Windows... by solevita · · Score: 5, Insightful

    I've seen this argument crop up regularly on /. recently, but that doesn't make it a good one. Why? Well lets extend your argument to its logical conclusion - not only should we all use different operating systems, web browsers, CPU architectures, but we should all also use different file formats, standards and networking protocols.

    I'll never get caught by a phising scam because my web browser doesn't support the HTML used on fake-paypal.com and I can't even connect to it anyway because I'm using a brand of TCP/IP used only by myself and a handful of /. geeks.

    Call me crazy, but I want to work on something that I can easily share with my colleagues - I want the most open digital environment I can get.

    I refuse to accept that lazy/poor programmers can excuse the security holes in their products by claiming that everyone should be aiming for security through obscurity. Lets stop blaming Windows/Internet Explorer users for the insecurity of the products they use. Security through diversity is just renamed security through obscurity; it's no security at all.

  6. Re:The problem of telephony + the Internet... by arivanov · · Score: 4, Insightful

    Exactly.

    I have been doing it for a while now (need to clean the code for the AGI plugin and post it). For my incoming phone lines I have scheduled times when the phone does not ring, when it rings only in my office for known callerIDs or when it rings for everyone who has not withheld their callerid. Trivial to do with asterisk+perl-AGI and quite more powerfull compared to the default autoattendant.

    The article brands all VOIP to be Skypelike (and vice versa). VOIP is not just PC based systems and this attack currently applies only to PC based systems. In addition to that it is limited to a specific VOIP system. A valid Skype attack is not applicable to Yahoo, MSN, SIP phones, etc.

    Things may change in the future when integrated contact management and click-to-dial becomes commonplace. This is not common enough now and can be found only on PHB/Sales laptops so it is not yet an attack vector that is worth mentioning. By the way, this will apply to any phone system that has click to dial, not just VOIP. Now having outlook+voip worm - that is a scary thought...

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  7. Re:And that's why... by walt-sjc · · Score: 5, Insightful

    Oh yeah - one more thing - who does the author of this article work for? Hmm. Panda. What do they do? Antivirus and security software. Self serving FUD is what this is.