Please wait while the page is being loaded Skip this advertisement >
ARN

HITB - VOIP presents major security risk, expert warns

VOIP systems put banks and other companies at risk of phishing attacks, a security researcher warned.
Sumner Lemon (IDG News Service)  21 September, 2006 08:12:14
Have your say!
Add to Google
ARN Directory | Distributors relevant to this article
Achieva Technology Australia , Altech Computers , Infortech Distribution

Banks and other companies switching their phone systems to VOIP (voice over Internet Protocol) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.

"People will be able to penetrate bank networks and hijack their phone lines," said an independent security researcher, known by his pseudonym The Grugq [CQ], in an interview. VOIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.

The Groqg, who spoke this week at the Hack In The Box Security Conference (HITB) in Kuala Lumpur, Malaysia, said VOIP phishing attacks will emerge by the end of this year. The attacks will allow hackers to steal personal data, including credit card numbers and bank account information, and there is little security managers can do to stop them.

"Theoretically, you phone up your bank and the customer service line has been taken over by hackers," The Grugq said.

In this scenario, the customer would be asked by the hacker to enter personal banking information before being passed on to an actual bank customer-service representative. "There's no security technology out there that companies can deploy to fix this," The Grugq said, noting that existing intrusion-detection systems are not capable of detecting when a VOIP attack takes place.

During his presentation at HITB, The Groqg announced the release of alpha code for SIPhallis, a tool he wrote that allows security managers to manage SIP (Session Initiation Protocol) VOIP packets on their networks. "It gives you an interface to create and send VOIP packets; it also allows monitoring of VOIP packets," he said, adding the application can also be used to inject packets into a VOIP stream.

Existing softphone or PBX software is all that is required for hackers to launch a VOIP attack, The Grugq said.

HITB runs through Thursday, Sept. 21.

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

RSA - Where Online Fraud is Going

Where Online Fraud is Going: An Insight into Emerging Threats and Changing Fraud Patterns The basic workings of online fraud can be directly correlated to “ real-world” crime.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links