Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, December 12, 2005

ISF Warns Of Spit And Other New Security Threats From VoIP

A new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats - such as caller ID spoofing, voice modifiers, SPIT (voicemail SPAM) and packet injections.  With VoIP now poised to hit the business market in a big way, the ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identify theft and loss of sensitive information.  With a combination of caller ID spoofing and freely available voice modification software, it is relatively easy to pose convincingly as someone else—similar to web site spoofing and phishing.

But the ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet.  SPIT—spam over internet telephony—could become a huge problem for companies.

In surveying ISF members to research the report, concerns were also expressed that as VoIP becomes more popular, organised criminals will turn their attention to sabotaging businesses by disabling phone systems through DoS attacks or spreading malicious viruses or worms.

The problems of poor quality transmission and loss of service are gradually being overcome, which is expected to lead to more widespread adoption and reliance on VoIP in the future. “We take it for granted but it is extremely resilient, something that VoIP can not currently deliver.

Posted on 12/12