ACM TechNews
Careful With That Call
Government Computer News (05/05/08) Vol. 27, No. 10, Jackson, William
With more attention being focused on stopping hackers from using email and
security vulnerabilities in Web applications as an avenue for breaching IT
systems and stealing data, hackers could begin to see Voice over Internet
protocol (VoIP) systems as the path of least resistance, security experts
say. The experts add that now is the time to begin defending VoIP systems
before hackers begin exploiting the vulnerabilities in those systems.
Those vulnerabilities are similar to the vulnerabilities that exist in
other types of applications. For example, the vulnerabilities in VoIP
systems can allow arbitrary code to be executed on an endpoint, such as a
telephone handset or a laptop PC running a soft phone client. In addition,
hackers can use vulnerabilities in VoIP systems to access an organization's
data if its voice services and data are carried on the same network. As a
result, researchers are beginning to heed security experts' call to begin
developing defenses for VoIP systems. For example, Georgia Tech
researchers are working on so-called soft credentials that assign a level
of trust to voice calls based on social-networking techniques and circles
of trust. With this system, levels of trust are assigned by studying who
talks to whom, under what circumstances, and for how long. Although such a
solution would require a learning period in which the system studies the
user's calls, it would be a very effective defense mechanism once the
learning period was over, says professor Mustaque Ahamad, director of
Georgia Tech's Information Security Center.
http://www.gcn.com/print/27_10/46209-1.html
© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.