Friday, September 09, 2011

Cyber Crime:Threats to VoIP and Mobile Convergence


The cell phone is getting an completely new tool—
especially outside the U.S., in which accessing the Internet from a cellular device can offer a much better experience than traditional fixed computing. VoIP technology also continues to increase and will rival landline and mobile communications in terms of reliability and call quality.
As Internet telephony and cellular computing handle more and much more data, they will turn into far more frequent targets of cyber crime.

From the outset, VoIP infrastructure has been vulnerable to the same sorts of attacks that plague other networked computing architectures. As soon as voice is digitized, encoded,compressed into packets and exchanged more than IP networks, it's susceptible to misuse.
Cyber criminals will be drawn towards the VoIP medium to engage in voice fraud, data
theft and other scams—similar towards issues email has experienced.
Denial of service, remote code execution and botnets all apply to VoIP networks, and will become more problematic for mobile devices as well.
“Criminals know that VoIP can be applied in scams to steal individual and financial |facts so voice spam and voice phishing aren't heading away” stated Tom

“Most men and women have been trained to enter social security numbers, credit card numbers, bank account numbers, etc. more than the phone even though interacting with voice response systems,” stated Cross.

“Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft. At the same time, consumers wil demand far better availability from phone program than they would from an ISP, so the threat of the DoS attack might compel carriers to pay out over a blackmail scam.”

Tom Cross - X-Force Researcher, IBM World-wide-web Security Systems
“At this point, mobile device potential is far ahead of security,” mentioned Traynor. “We’ll begin to determine the botnet problem infiltrate the mobile world in 2009.”
Patrick Traynor - Assistant Professor, School of Computer Science at Georgia Tech,
and member in the Georgia Tech Facts Security Center Cross,a researcher on the IBM Web Security Systems X-Force team. “Denial of program will also continue to be a critical threat to VoIP. If a big number of VoIP phones become infected by malware and flood a network with traffic, the results could be extremely disruptive. 
We expect some cyber criminals to attempt to blackmail
carriers based on a DoS attack scenario.”

According to Cross, large telecom corporations in Europe are now servicing clients  with VoIP. And where phone service is concerned, users have one more mentality about sharing individual information and also a higher expectation of quality.
On the bright side, Cross believes the IT and telecom communities have learned valuable security lessons from the spam and phishing problems that have plagued the
Simple Mail Transfer Protocol (SMTP).

“VoIP providers and users would like to avoid the spam crisis that has inundated email,” said Cross.
“Current research efforts at university-based centers like GTISC are studying how popularity networks according to inherited trust could be applied to VoIP to prevent voice fraud. In this kind of system, good security reputations will improve VoIP peering and call ranking so that legitimate calls get through, and voice spam and phishing are blocked.”

Cross also cited the need for intrusion prevention systems at the VoIP carrier level, along with endpoint security for Session Initiated Protocol (SIP) phones and other VoIP devices.
“While exploits targeting the iPhone have circulated publicly, I’m somewhat surprised that there haven’t been more attacks to date,” mentioned Cross.

Dave Amster, vice president of security investigations for Equifax also sees the security challenges presented by mobile computing. “More and more financial transactions
will take place more than cellular devices,” stated Amster.
“Consumers are ordering credit reports from their Blackberrys, which puts valuable information at risk.
The challenge for businesses and banks will be maintaining secure mobile applications and ease of use at the exact same time.”
 Already in Japan, people use their cell phones at vending machines and subway
token dispensers.

According to Traynor, “malware will be injected onto cell phones to turn them into bots. Large mobile botnets could then be used to perpetrate a DoS attack against
the core in the mobile network.
But due to the fact the mobile communications field is evolving so quickly, it presents
a certain opportunity to model security properly—an opportunity we missed in the PC.”
 “However, it's not going to be an easy trouble to solve.

Traynor pointed to battery power like a principal security hurdle, “If you place antivirus software on the mobile device, it will run the battery down, so cellular security will require new approaches and partnerships between manufacturers, carriers and software developers.”

0 comments:

Post a Comment

 
Design by Wordpress Theme | Bloggerized by Free Blogger Templates | coupon codes