Thursday, November 30, 2006

VoIP is vulnerable to attack

In case you didn't already know, VoIP (Voice Over Internet Protocol) is vulnerable to attack. VoIP calls to call centers are "vulnerable to attack because call centres are failing to secure their networks robustly enough" (via The Register).

The audit, that pinpoints these vulnerabilities, conducted by Scanit, was able to pick up data such as PIN numbers entered on a touch tone phone. Call centers, according to research, believe that VoIP vendors put proper security measure in place, so they do not take measure to protect VoIP calls.

It's quite easy to eavesdrop on VoIP calls, programs like WireShark or Cain & Abel, which are widely available on the Internet, can give unexperienced users with all the tools they need to detect and record VoIP calls.

No comments: