By Dan Ilett, 19 October 2005 13:25
Hackers will attack voice over IP (VoIP) telephone conversations with spam and malicious code within two years, equipment manufacturer Nortel has claimed.
Companies using VoIP and other multimedia services, such as videoconferencing, should plan to defend against unsolicited adverts appearing mid-conversation, the company said.
Atul Bhatnager, VP of enterprise networks, said: "VoIP attacks are still at an early stage but as hackers become more savvy you'll see similar things as on the data side; denial-of-service attacks or spam on VoIP.
"I would say [this will occur] in the next two years as adoption is increasing. This is the right time to put the defences in place as the use of VoIP will be rigorous over the next two or three years. We've learned a lot of lessons on the data side which can be applied to the voice side."
VoIP carries a call over a data network rather than only over a telephone provider's traditional circuit-switched network. This can cut the cost of phone calls for businesses, which has made the technology attractive to some. But questions around the security of VoIP remain unanswered.
Bhatnager said that deep-packet inspection - a method of checking every IP packet entering a network for unusual properties, in much the same way airport security checks every passenger - is an essential part of protecting networks against VoIP attacks.
But VoIP is not the only target for the future, he added, as videoconferencing over IP networks could be hijacked in the same way as voice and data services.
He added: "VoIP is the first phase; video is right behind. You'll be watching a video screen and all of a sudden it's hijacked and you are watching an ad. If you can do it on data you can do it on VoIP. People will marry individual tastes and preferences and use it for intelligent spamming."
Security experts agree VoIP attacks are likely to occur in the next two years. Paul Simmonds, global information security director at ICI, said the timescale is accurate.
He told silicon.com: "We're not seeing that because we aren't using it. But for any technology that has achieved critical mass for a hacker to take interest - sure.
"When instant messaging is joined together, we will see a lot more [of that] targeted. When you get that in VoIP - and he is right about a two-year timeframe - you will see that as a target.
"I'd say get your act together now and be prepared."
But some vendors are not convinced the attacks will be as serious as Nortel predicts.
Joel Horowitz, vice president of Masergy, a voice and video network provider, said: "It's possible but it's going to be limited to the people who have the resources - it'll be governments [doing it]. The minute it starts we'll find a way of stopping it happen. I think we'll start encrypting everything."

Comments
1. anonymous
The same lack of response by IT and government continues; both do not conduct constructive actions to eliminate the overall hacking problem.
The damage to commerce and the internet method of business is not possible to calculate. The irresponsible actions MAY be addressed where the perpetrators were made liable for their actions and where it financially would be detrimental for the disruption caused.
No business or private sector would wish the big brother attitude, technology should concentrate on systems which would detect and quarantine Trojans or any disruptive data within the information packet.
One would state are the IP providers to be the front line of defence and how will this be implemented. The data security act is in force to protect personal and sensitive data, however not in this area.
Where malpractice is detected the corrective action to be instigated by relevant parties (who would this be).
In digressing the telephone preference system is in place to reduce nuisance calls, these are indicated to the distributor with financial penalties could this be implemented to address the problem. The internet is a world wide entity to the good of all, why does lack of action still occur.
In civil law where personal data or theft resulting in disruption occurs by conventional methods appropriate action is taken.
When will rhetoric end and action be taken???