VoIP Security
VoIP Security gets more attention as Phil Zimmermann builds a prototype of PGP VoIP.
Wired features an interview with Zimmermann on PGP VoIP.
Excerpt…
Like PGP and PGPfone, which he created as human rights tools for people around the world to communicate without fear of government eavesdropping, Zimmermann hopes his new program will restore some of the civil liberties that have been lost in recent years and help businesses shield themselves against corporate espionage.
It should be interesting to see what the VoIPSA (VoIP Security Alliance) and the others involved at the IETF have to say about Zimmermann’s proposal.
VoIP Security in a nutshell:
Eavesdropping – Listening in on / recording calls without the participants’ consent. I think it would probably be easier for the average hacker to jack into the PSTN network as the tools are already abundant for that.
Denial-of-service (DoS) attacks – Usually a packet storm aimed at a critical central server in the VoIP network of choice.
Registration or Identity Theft – SIP traditionally requires the registration of an IP address with their SIP ID or URI. Today this URI can be spoofed; that needs to get fixed, and the IETF gurus are working on it.
SPIT (Spam over Internet Telephony) – Spammers can create a spam engine that blasts a great number of calls per second.
SPIM (Spam over Instant Messaging) – Bulk and potentially malicious spam sent to an IM user’s ID. Since many of the new applications are IM/VoIP apps we need to consider this.
Caller ID Phishing – Spammers can recreate the caller ID being sent to anyone they choose, making it harder to NOT pick up the phone.
One thing is for sure, we need to work on this. Spammers are smart; it won’t take them long to figure out how to make great sums of money sending junk calls to your phone.
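To make the SPIT item concrete from the receiving side, here is an added example (not from the original post or any VoIP product) that counts SIP INVITEs per source IP in a sliding window and flags bursts. The thresholds, the helper names and the sample traffic are assumptions constructed for illustration; the key is the source IP rather than the From URI because, as the list above notes, the URI can be spoofed.

```python
import re
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against real call traffic.
WINDOW_SECONDS = 1.0
MAX_INVITES = 5
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>sips?:\S+) SIP/2\.0$")
FROM_HEADER = re.compile(r"^(?:From|f)\s*:.*?<?(?P<uri>sips?:[^>;\s]+)", re.I | re.M)


def parse_request(raw):
    """Return (method, request_uri, from_uri), or None if not a SIP request."""
    first_line = raw.split("\n", 1)[0].strip()
    m = REQUEST_LINE.match(first_line)
    if not m:
        return None  # responses and malformed input are ignored
    f = FROM_HEADER.search(raw)
    return m["method"], m["uri"], (f["uri"] if f else None)


def detect_spit(events, window=WINDOW_SECONDS, limit=MAX_INVITES):
    """events: (timestamp, source_ip, raw_sip) tuples sorted by timestamp.
    Returns {source_ip: peak INVITE count per window} for sources over limit."""
    recent = defaultdict(deque)  # source_ip -> timestamps of recent INVITEs
    flagged = {}
    for ts, src, raw in events:
        parsed = parse_request(raw)
        if not parsed or parsed[0] != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:  # drop INVITEs older than the window
            q.popleft()
        if len(q) > limit:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


def make_invite(callee, caller):
    # Constructed sample message, not captured traffic.
    return (f"INVITE sip:{callee}@example.com SIP/2.0\r\n"
            f"From: <sip:{caller}@example.net>;tag=1\r\n"
            f"To: <sip:{callee}@example.com>\r\n\r\n")


# Constructed traffic: one source sends 20 INVITEs in 0.5 s, another 3 in 30 s.
SAMPLE = sorted(
    [(i * 0.025, "203.0.113.7", make_invite(f"user{i}", "promo")) for i in range(20)]
    + [(i * 10.0, "198.51.100.4", make_invite("bob", "alice")) for i in range(3)])
```

Calling `detect_spit(SAMPLE)` flags only the bursting source; a real deployment would feed it events from a SIP proxy log or packet capture instead of the constructed list.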