International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Monday, October 09, 2006

Wired News in an article brings attention to the insecurity of some of the new technologies online. “VOIP and Ajax -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference.”

"Voice over internet protocol is going mainstream, available to consumers and increasingly replacing the private phone systems in businesses of all sizes. Like the traditional phone, a VOIP call is broken into two parts, or channels. The first is signaling, which negotiates things like when to start and stop a call, what to do if another call comes in, and what to do if something about the call changes. The second part is media, the bit where we talk. In most VOIP systems neither of these channels is actually encrypted."

"According to Dustin Trammell, VOIP security researcher at Tipping Point, this leaves most VOIP calls vulnerable. Calls can be hijacked without either party's knowledge anywhere along the route over the net that connects the call, and nearly all VOIP systems can fall victim to signal-channel attacks that can fake caller ID, degrade call quality, end calls suddenly, and crash the end device -- either your VOIP phone or computer. Internet telephony can even fall victim to denial-of-service attacks that flood a phone with fake requests to start a call, rendering it useless."

Read the full Wired News article on VOIP and AJAX security issues.