November 9, 2005
VoIP Security Woes Within SPITTing Distance
By Jim Barthold
Here's this week's mindbender. What do camels, baseball players and hooligans with the potential to disrupt the nascent VoIP business have in common?
SPIT.
Camels, when they can't bite people, spit at them. Baseball players, when they're not scratching their crotches, spit. And Internet hooligans, already having wreaked havoc with worms and viruses over IP, move to SPIT – Spam Over Internet Telephony. The more successful VoIP becomes, the more SPIT that'll hit it.
"As VoIP gets rolled out across residential networks this is creating a personal sandbox for potential security enthusiasts to start poking around this new technology, finding issues, finding bugs," said David Endler, the chairman of VoIPSA, an organization formed by vendors and carriers to keep ahead of just that sort of activity.
Almost everyone involved with VoIP security targets SPIT as the logical extension of spam – the garbage that's crammed into our e-mail on an hourly basis. Spam can slow down or destroy an IP network, often causing more than inconvenience when peppered with wormy attachments that are more infected than a chicken with bird flu. SPIT – and here's the really scary part – besides clogging voice mail boxes, opens up a backdoor to solicitors who had millions of phone numbers shut off to them, thanks to the Do Not Call Registry.
Cousin Spyware
SPIT is a cousin to another IP aggravation – spyware. Using a script kiddie, even a neophyte can download a hacking device from the Internet and use it to gather information from an IP connection. This kind of capability hasn't yet emerged for VoIP, but it's coming, experts say; and the ingenuity of those who wish to disrupt service for malice or personal gain is limitless.
VoIP security guys are finding that what worked to stifle (albeit never stop or control) Internet bandits won't work with VoIP.
"The problem with SPIT is many of the same techniques we use for e-mail can't work. You can't use access control limits. Content filtering? There's no content to filter here," said Seamus Hourihan, vice president of marketing and business development at session border controller vendor Acme Packet. "The call gets sent from a signaling perspective and someone starts to speak and only then will you know that it's somebody you don't want to talk to."
It could even be a spoof; someone who got hold of someone else's IP ID. In the traditional phone world "do not call" lists block unwanted solicitors. VoIP's too new to have those kinds of protections so VoIP phone numbers – when identified as such – are fertile ground. And with automation, it's not even necessary to be on the other line to make the call.
"It will be a big problem," said Hourihan.
The biggest positive is that VoIP has a foundation on which to build. Internet hooliganism differed from the old attempts to steal phone or cable TV service. It was more malicious and frequently random. It also provided a base on which security experts can build a wall against movement into the VoIP space.
Inherit the Risk
"VoIP networks inherit all the same security risks that today's traditional data networks are plagued with," said VoIPSA's Endler, whose day job is director of security research for 3Com's TippingPoint division.
A VoIP second cousin, Wi-Fi, can also be helpful in the battle against SPIT and other VoIP malevolencies.
"A few years ago everyone jumped on the Wi-Fi bandwagon and in the beginning not a lot of people were worried about privacy; it was really more about convenience," Endler said. "Then, as research was done into the technology and the mass of script kiddies were released … there are tools out there today that let anyone with a laptop download a tool to sniff wireless connection. Those tools didn't exist a few years ago, but it's just a natural progression of technology."
Not all ingenuity is devious, and corrective tools tend to emerge to fill real needs. But it's a sure thing that VoIP security woes won't end with dried-up SPIT.
What comes after SPIT? How about VOMIT – Voice Over Misconfigured Internet Telephones? But that's a subject for a later time, perhaps to read over the morning breakfast.
-Jim Barthold
Ringback Tones and/or VoIP Quality
One would think that just getting a good, secure VoIP call would be enough. In fact, the security experts who spat out their opinions in this week's lead story would almost certainly support that contention. For BayPackets, an IMS-compliant multi-network voice and data solutions provider for wireless, wireline and cable operators, it's not necessarily so.
The Fremont, Calif.-based vendor has introduced multimedia ringback tones, which let callers use recorded music, sounds or video clips – obviously with video phones – to replace the typical ring or busy sound callers hear when they dial in. "It could be for VoIP. It could be for mobile," said Sanjeev Chawla, BayPackets' CTO. "The media aspects of it would be managed by RealNetworks while we would take care of the softswitches, the whole control aspect of the application."
This, of course, leaves it for phone companies to insert Lily Tomlin's snickering, "We're the phone company," as their ringback tones while cable operators chime in with, "It's the cable guy."
Quality Implications
Ditech Communications, which approaches VoIP from another angle, has made available a Voice Quality Evaluation Program – a new network advisory program – that lets carriers identify and remedy network impairments that affect the sound quality of mobile and voice-over-IP calls, even as the telecom industry struggles to just complete the calls in a timely and efficient manner.
"I call it the crawl, walk and run strategy," said Chalan Aras, vice president of marketing at Ditech. "Right now voice-over-IP is in the crawl pace and just keeping up a call is considered success. That appears to be the benchmark. As voice-over-IP attempts to become more mainstream, quality is becoming an issue."
Ditech is "indirectly working with cable because some of our customers are the peering partners for cable companies." In other words, some of Ditech's non-cable customers might have better quality on their VoIP networks than the cable guys? "The cable networks are a set of constituents that would benefit from our voice-over-IP products," Aras said, making that implication pretty clear.
-Jim Barthold