[ insider_reports_insider ]
VoIP Getting Dangerous?
John Stith
Staff Writer
2006-01-27
 Insider Reports RSS Feed
Voice over Internet Protocol (VoIP) is like a barn full of grain, waiting for rodents to move in according to a new report released by Cambridge and MIT. The study released on Thursday suggested VoIP is ripe for the picking of hackers around the world.
 | | VoIP Getting Dangerous? |  |
The study conducted by the Communications Research Network (CRN) between the two institutions said that while no attacks had yet occurred, "it was only a matter of time before the technique becomes mainstream."
The CRN researcher, Dr. Jon Crowcroft, Marconi Professor of Communications Systems at Cambridge University put the project together and determined that VoIP would be an awesome avenue for launching denial of service (DoS) attacks.
As the study pointed out, the DoS attacks are difficult to assess and many aren't reported because the undermine client confidence in their security. Also, the number of zombie computers involved in the attack is unknown even though estimates range in the millions.
"While these security measures are in many ways positive," says the CRN's Jon Crowcroft, "They would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks. Although one could slowly shut down and patch or upgrade the exploited machines, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation."
The theory behind this is VoIP, because it runs continuous media over IP packets, would provide good cover traffic. They said the ability to dial in and out of VoIP overlays allows for control of an application via a voice network and making it nearly impossible to trace the source of an attack.
The study concludes that if left unresolved, these vulnerabilities will be exploited and eventually undermine consumer confidence in the products. Crowcroft believes the VoIP providers could beat the loophole if they were publish their routing specs and switch over to open standards.
Crowcroft points out this would help legitimate agencies track criminal misuse of VoIP and it would increase market share by allowing instant messenger tools offering voice to work with VoIP. And there's possibility of improving the quality of service so ISPs could traffic engineer the VoIP traffic.
"Criminal activity on the internet should be a notifiable event, with registration on a central database," says CRN Chairman, David Cleevely. "It's important to remember that there are more of us good guys than there are bad guys. The more we share information between us, the more we stay ahead of the game."
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
