HITB - VOIP presents major security risk, expert warns

VOIP systems put banks and other companies at risk of phishing attacks, a security researcher warned.

Sumner Lemon (IDG News Service)
21 September, 2006 08:12
Comments

Banks and other companies switching their phone systems to VOIP (voice over Internet Protocol) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.

"People will be able to penetrate bank networks and hijack their phone lines," said an independent security researcher, known by his pseudonym The Grugq [CQ], in an interview. VOIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.

The Groqg, who spoke this week at the Hack In The Box Security Conference (HITB) in Kuala Lumpur, Malaysia, said VOIP phishing attacks will emerge by the end of this year. The attacks will allow hackers to steal personal data, including credit card numbers and bank account information, and there is little security managers can do to stop them.

"Theoretically, you phone up your bank and the customer service line has been taken over by hackers," The Grugq said.

In this scenario, the customer would be asked by the hacker to enter personal banking information before being passed on to an actual bank customer-service representative. "There's no security technology out there that companies can deploy to fix this," The Grugq said, noting that existing intrusion-detection systems are not capable of detecting when a VOIP attack takes place.

During his presentation at HITB, The Groqg announced the release of alpha code for SIPhallis, a tool he wrote that allows security managers to manage SIP (Session Initiation Protocol) VOIP packets on their networks. "It gives you an interface to create and send VOIP packets; it also allows monitoring of VOIP packets," he said, adding the application can also be used to inject packets into a VOIP stream.

Existing softphone or PBX software is all that is required for hackers to launch a VOIP attack, The Grugq said.

HITB runs through Thursday, Sept. 21.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Alpha, HIS Limited

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Become an AVG Reseller and Make Serious Money!

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

In Search of the Long-Term Archiving Solution —Tape Delivers Significant TCO Advantage over Disk

How to reasonably and in the most cost-effective way, preserve valuable digital data for a long time – and how to prepare for the ensuing decades of continuing data growth, technology change, and increasing long-term preservation requirements.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management