Slashdot Mirror

← Back to Stories (view on slashdot.org)

Voice Over IP Under Threat?

Posted by Zonk on from the keeping-phone-calls-expensive dept.

An anonymous reader writes "The IT Observer is discussing the possible scary future of Voice over IP targeted viruses, and what that could mean for the consumer. The article discusses the likelihood that VoIP is going to become even more popular, and the damage that a targeted 'flash virus' could perpetrate in a very short amount of time. From the article: 'Let's imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name Bank, with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of email addresses using code that simply enters users' address books and modifies any entry under the name Bank to 987-65-43. ... If any of these users receives a message saying that there is a problem in their account, and asking them to call their bank (a typical phishing strategy), they may not be suspicious, as they are not clicking on a link in an email ... If they use their VoIP system to call the bank, they will be calling the modified number, where a friendly automated system will record all their details. ' "

4 of 148 comments (clear)

  1. And that's why... by AltGrendel · · Score: 3, Interesting
    ...I'm still using copper. I know that this will work itself out, that the technology will improve, etc, etc.. but until it does, I'm going to stay away from it. For me, it doesn't make sense to be an early adopter of VoIP.

    But that just my opinion.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  2. Re:The problem of telephony + the Internet... by HugePedlar · · Score: 3, Interesting

    I wonder if VOIP might solve this to some extent. After all, with Asterisk or similar, the home user can set up an "Auto-Attendant", or menu system to filter calls that get through. Perhaps even some form of voice recognition (recognising people's voices in your address book, or, controversially, an Indian accent) might become common. I suspect VOIP will make the telemarketers' jobs harder in the end.

    --
    Argh.
  3. Maybe a FUTURE problem by Opportunist · · Score: 3, Interesting

    Let's face it, who's the prime target for phishing? Joe Average Users. "We" (as in, people who enjoy technology as a pastime more than just a tool) know about such problems, and we know how to deal with them. I still never heard of a 'clued' person to become a phishing target. We certainly don't answer to mails akin to "Hi, I'm your Bank, please send me all your details in reply or your account will be frozen", and we usually routinely check for unwanted BHOs and tasks, and we certainly run up to date AV software (or at least have another reason to assume with some sort of faith that we are not infected).

    In short, we know the threat. And we're also the ones who use VOIP predominantly, aside of companies (who better have someone like us as their IT-security person there). Auntie Mable and Joe Hicksberger won't switch to VOIP any time soon.

    So personally, I'd rate THAT threat low. At least for now.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Re:You could just stop using Windows... by planetmn · · Score: 4, Interesting

    WTF?

    Now, I understand in the Slashdot world, anything that pokes at Microsoft and Windows is instantly thought of as insightful and true, but what the hell does this problem have to do with Microsoft? This problem exists because of social habits of human beings. Most phishing scams work only when there is action taken by a victim that is either uncaring, or doesn't know better.

    I recently received a phishing scam email from somebody purporting to be Wells Fargo Bank. First clue is obvious, I don't have an account with them, but I was curious. So I clicked the link in Firefox. The site comes up, looks similar to the real Wells Fargo site, but has a completely non-legitimate URL. So then I clicked the link in IE7. Guess what, IE7 knew it was a phishing site.

    So in my above example, Microsoft was not at fault, in fact, they were proactive enough to protect the user. Stop blaming third parties for what amounts to human error. And if you think OS diversity would help the problem, you are wrong. People react the same way to phishing scams regardless of OS.

    And your suggestions are absolutely insane. One thing that computing monoculture brings is a standard implementation. How would the average consumer react if they were told "this software won't work on this OS" or worse "this software only works on certain flavors of linux, but not yours". The reason the PC grew so quickly was the ability to choose between different software and hardware easily, and be sure of compatibility. Sure, niche markets existed, such as the Mac, but the PC was much more extensible and much more desirable.

    -dave

    --
    /., where "Apple and Google provide Iran with nukes" will be refuted with "But Microsoft is a convicted monopolist"