Friday, July 29, 2005

VoIP Security

VoIP Security gets more attention as Phil Zimmerman builds prototype of PGP VoIP.

VoIP Security in a nutshell:

Eavesdropping - Listening in / recording calls without the participant's consent.

I think it would probably be easier to for the average hacker to jack into the PSTN network as the tools are already abundant for that.

Denial-of-service (DoS) attacks -

Usually a packet storm aimed at a critical central server in the VoIP network of choice.
- SIP traditionally requires the registration of an IP address with their SIP ID or URI. Today this URI can be spoofed, that needs to get fixed and the IETF gurus are working on it.

SPIT (Spam over Internet Telephony) -

Spammers can create a spam engine that blasts a great number of calls per second.
SPIM - (Spam over Instant Messaging) - Bulk and potentially malicious spam sent to an IM user's ID. Since many of the new applications are IM/VoIP apps we need to consider this.

Caller ID Phishing

- Spammers can recreate the caller ID being sent to any one they chose, making it harder to NOT pick up the phone.
One thing is for sure, we need to work on this. Spammers are smart, it won't take them long to figure out how to make great sums of money sending junk calls to your phone.
Post a Comment