Topics: Security

New Security Threats For VoIP

Posted by Mitch Wagner, Jan 5, 2007 04:12 PM

Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.

Let's imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name "Bank", with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of e-mail addresses using code that simply enters users' address books and modifies any entry under the name "Bank" to 987-65-43. The problem has now been created.

If any of these users receives a message saying that there is a problem in their account, and asking them to call their bank (a typical phishing strategy), they may not be suspicious, as they are not clicking on a link in an e-mail (as they have been advised not to do to avoid this type of fraud) nor calling a number in the e-mail (another typical ploy). If they use their VoIP system to call the 'bank', they will be calling the modified number, where a friendly automated system will record all their details.

So why does de la Cuadra dismiss threats from new denial-of-service attacks? Because, where attackers previously acted because they were seeking notoriety, they're now professional criminals, looking to make money off their attack. Presumably, de la Cuadra thinks there isn't money to be made in DOS attacks, but I think he overlooks real incidents that have happened in the past, where DOS attackers have extorted protection money from their targets. And we also can imagine unscrupulous businesses launching denial-of-service attacks against competitors.

(Via Slashdot)

« CES 2007: A Shocking Introduction From Taser | Main | CES 2007: Products On View At CES Unveiled »

This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.

Blog Categories
Healthcare Cloud Computing Enterprise 2.0 Digital Life Grok On Google Over The Air Outsourcing Global CIO Startup City Information Management Content Management Green Computing Full Nelson Unified Communications	Government IT Analytics Tech Stocks Interop Security Microsoft Apple Unvarnished Open Source Wolfe's Den David Berlind's Tech Radar Virtualization Storage Backup and Business Continuity Blog Homepage

Multicore Programming Blog

Join The InformationWeek Group On LinkedIn

InformationWeek

Business Innovation Powered By Technology

New Security Threats For VoIP