Home
Downloads
RSS
A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.
Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.
The information allows someone to use the telephone service for free.
Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw.
Capturing accounts
But the move into stealing usernames and passwords which are routinely sent across the network when a call is made, is a worrying new trend thinks Dave Gladwin, vice president of products at Newport Networks.
"It is still at an embryonic stage but as voice adoption increases it becomes more of a problem and needs addressing," said Mr Gladwin.
The details are not sent as plain text but are encoded in such a way as to be "easily captured and unobscured", said Mr Gladwin.
Credit card details have been traded fairly openly online for some time and can be bought for around $12 (£6) each. VoIP account details fetch a slightly higher price, at $17 (£9), according to Mr Gladwin.
The problem is less of a issue for businesses which routinely offer voice-over IP services for their employees because users are tied into a secure corporate network.
But for consumers, relying on public or unsecured home wi-fi networks, there is more of an issue.
"90% of carriers don't offer a secure VoIP service," said Mr Gladwin.
He estimated it would cost around £2/£3 per subscriber for service providers to instigate the additional level of security needed.
"Most of the software out there has the capability of running in secure mode if the service providers would accept it," he said.
But not everyone is convinced that it is a widespread problem.
"I have not seen security issues with VoIP as a big issue. This is partly because such services aren't that mainstream and therefore have not been targeted by criminals in the way that e-mail and online banking services have," said Ian Fogg, an analyst with Jupiter Research.
Source: news.bbc.co.uk
Posted By: IndoSourceCode
