How Secure Are Internet Phone Calls?
Posted on: Thursday, 9 March 2006, 09:00 CST
By Jessie Seyfer
The allure of Internet phone calling is understandable -- dirt- cheap calls to anywhere in the world, sound quality that's at times superior to the traditional landline and the ability to take your phone number with you when you travel.
But, buyer beware. These calls are just like any other form of digital communication, like e-mail, which can be hacked, spammed and saved on servers.
While Internet calling programs from Skype and Vonage to Google and Yahoo are getting more and more popular, security experts warn that they're not as secure as your traditionallandline.
"Lots of people are ignoring the risks about it," said Rodney Thayer, a Mountain View, Calif., security consultant. "Sometimes there's absolutely no encryption. Someone could listen to your conversation. It's not clear that these services have been hardened so that no inappropriate activity could take place."
There has been a national debate over President Bush's authorization of wiretaps without first obtaining a warrant, and a battle between Google and the Department of Justice over privacy. Google is fighting a subpoena it received, as did Yahoo, America Online and Microsoft, asking them to provide information to the government about people's search habits.
Adding more heat to the issue is an ongoing legal conflict between several Internet phone-calling providers -- as well as privacy advocates -- with the government over whether companies should be required to make it easy for law enforcement to conduct wiretaps over their networks.
The providers argue that taking steps to make wiretapping easier will actually make networks more vulnerable to malicious attacks. Federal regulators believe Internet phone systems should follow the same rules as traditional ones, and should offer a standardized level of access to law enforcement. The matter remains before a federal appeals court.
In thinking about the threats Internet callers may face, experts say it's helpful to think of the calls as spoken e-mails -- after all, they both consist of packets of data zipping across the Internet. Therefore, it's possible for Internet phone calls to be plagued by the same attacks that dog e-mail: Hackers listening to your calls, automated spam messages that call you and so-called "phishing" requests, which are phone messages that seek personal financial information from recipients with the intention of raiding their bank accounts.
"I think the next generation of spam is spam voicemail over VoIP," said Chris Rouland, chief technology officer at the Atlanta- based Internet Security Systems company, which supplies security for large phone networks and other businesses. VoIP stands for Voice Over Internet Protocol, and is the industry term for Internet phone- calling.
At home, people using Internet phone calls should take the same precautions they do for Web and e-mail communications: "Never accepting calls from people they don't know and don't trust. Never giving out personal information to strangers and people you don't trust," Yahoo spokesperson Terrell Karlsten said.
Skype uses encryption, or hiding data with difficult-to-break codes, and Yahoo uses other methods, to protect conversations.
Experts suggest anyone thinking of signing up for Internet calling services ask or make sure they're clear about a specific company's policy toward security and privacy.
So far, there have not been any major documented incidents of fraud or spamming from using Internet phone-calling. But while growing in popularity, Internet phone calling is still in its infancy.
Eleven percent of American households will be using some form of Internet phone service by 2010, according to Forrester Research. Industry analysts at In-Stat reported that the number of people using the technology worldwide grew by 62 percent from 2004 to 2005.
Cisco Systems, which makes routing and switching equipment that sends Internet data where it needs to go, believes businesses and Internet service providers should safeguard voice conversations for their staff and customers in the same way they can protect e-mail and instant messaging.
"Secure your phones, secure your routers, secure your VoIP call centers, secure your applications," said Jayshree Ullal, senior vice president of Cisco's DataCenter, Switching and Security Technology group.
Many security options can be installed on the computer network, rather than on people's individual desktop computers, Ullal said.
Yet security experts say that if people want to listen to your Internet telephone conversations, they can. In fact, a simple Web search produced a site offering a program to do just that. The program is designed to break into networks and then capture the packets of data containing the conversation, and reconstruct them into an audio file.
But the experts also point out that while it's possible for hackers to record conversations, it's unlikely that such attacks will occur randomly. Attacks are more likely to occur on office networks than home networks and are likely to involve conversations that will give hackers information they can sell.
Source: Buffalo News
Related Articles
- Probe Finds Botched Calgary 911 Call the Result of Internet Phone Service Failure
- The Kansas City Star, Mo., David Hayes Column: Internet Phone Firm Offers Free Long-Distance Calls
- Stayin' Connected ; Internet Phone Calls Are Heading for Your Cell Phone Through Dual- Mode Networking
- Fcc Orders Reliable 911 Service on Internet Phone
- Calling By Computer; Internet Phone Service is Easy, Inexpensive
- Internet Phone Calls . . Coming to a Mobile Phone Near You
- Internet Phone Tries to Go Prime Time
- Shutoff of Internet Phones Over 911 Call Issues is Delayed
- Actiontec Extends Free Skype Internet Calls to Home Phones With Internet Phone Wizard
User Comments (0)
RSS Feeds