Not long ago, I noted how the IT world, in general, seems to be far more interested in the latest cool new feature than in the risks that often accompany that feature.
You'd have thought that the September 11th attacks here in the US of A and subsequent warnings about our continuing vulnerability to cyber-attacks would have acted as wake-up calls to the IT community. Unfortunately, governments in the USA and elsewhere have simply used the attacks as a pretext for increased surveillance of ordinary citizens while doing little or nothing to actually improve security.
Meanwhile, businesses and consumers continue to gaze at the latest sparkly trinket.
Which brings me to IP telephony, a.k.a.Voice Over IP or VoIP. Gartner says IP phone shipments have jumped 53 percent from last year and I, personally, know folks who now do all their voice communications via Skype or similar products. Never mind that, according to a presentation at the latest Hack in a Box conference, VoIP systems are easily hackable and could be used for identity theft or that hackers can already download tools to attack the protocol used by VoIP handsets.
In fact, as a recent Business Week article bluntly states, "VoIP calling systems are just as susceptible to hacking and digital mischief as any other Internet-based application". That includes worms, viruses, DDOS attacks, and phishing.
That last one is especially scary. Most of you out there are probably familiar with how e-mail phishing works (the rest of you can click here). The VoIP version of this would direct you to a phone number - very possibly the actual phone number of your bank - where you would give your personal information to someone who is allegedly on your bank's customer service staff but who is, in reality, working for someone else entirely. Like, for example, the Russian Mafia. That's because your bank's VoIP system has been hacked in much the same way web sites are hijacked now.
Worse yet, the security tools for VoIP systems are far less well-developed than those for PCs and servers. In this area, unfortunately, the Bad Guys are way out in front.