Communications experts warn of VoIP security issues
I always find it interesting when academics rant about some security issue that really isn’t tied to reality. Communications experts warn of VoIP security issues. Upon reading the news brief it is apparent that VoIP is not the issue, it’s DDOS and the lack of controls on our peer to peer Internet.
At first I thought “Well they are communications experts and not security experts”. Then I looked at the members and Ross Anderson is in there. Mr. Anderson probably knows more about security than I ever will, so perhaps its just me.
You see, if I had a whole bunch of bots around the net, and had compromised their owner’s VoIP software, I would not be using it to coordinate DDOS attacks. I’d be SPITting all over the place. Especially the ones that had accounts to access the PSTN. The thing is, one can avoid SPAM by not using email, or not using it much. No one with a phone can avoid SPIT. If this ever takes off, it will be very very bad.
Update: CommunicationsResearch.net news release on their site is now missing. Other URLs: VoipInfoBlog, PhotonicsFiber.com
And a telling tale of what might have happened here. It’s a very interesting story of how the polictics of vulnerability disclosure is a field of landmines.
It also may indicate my original comments are a bit harsh, but the original press release itself at fault for that.