ITU Corporate Strategy Newslog - Identity fraud hits net telephony

Wednesday, May 14, 2008

A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw.

Capturing accounts

But the move into stealing usernames and passwords which are routinely sent across the network when a call is made, is a worrying new trend thinks Dave Gladwin, vice president of products at Newport Networks.

"It is still at an embryonic stage but as voice adoption increases it becomes more of a problem and needs addressing," said Mr Gladwin.

The details are not sent as plain text but are encoded in such a way as to be "easily captured and unobscured", said Mr Gladwin.

Credit card details have been traded fairly openly online for some time and can be bought for around $12 (£6) each. VoIP account details fetch a slightly higher price, at $17 (£9), according to Mr Gladwin.

Read Full Story

Emerging Threats | Internet | IP Networks | Software Vulnerabilties

Wednesday, May 14, 2008 3:26:26 PM (W. Europe Standard Time, UTC+01:00)

Categories

About

The information presented within this blog comes from various organizations around the world. ITU encourages users to seek more detailed information from the original source through the links provided. Links to third-party websites are provided for the convenience of all users. The ITU is not responsible for the accuracy, currency or the reliability of the content on these third-party websites. ITU does not offer any guarantee in that regard nor does ITU endorse the third-party organizations, their sites or content.

E-mail