VoIP vulnerable to phishing attacks, expert warns

Banks and other companies switching their phone systems to VoIP (Voice over Internet Protocol) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.

“People will be able to penetrate bank networks and hijack their phone lines,” said an independent security researcher, known by his pseudonym The Grugq, in an interview. VoIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.

The Gruqg, who spoke this week at the Hack In The Box Security Conference (HITB) in Kuala Lumpur, Malaysia, said VoIP phishing attacks will emerge by the end of this year. The attacks will allow hackers to steal personal data, including credit card numbers and bank account information, and there is little security managers can do to stop them.

“Theoretically, you phone up your bank and the customer service line has been taken over by hackers,” The Grugq said.

In this scenario, the customer would be asked by the hacker to enter personal banking information before being passed on to an actual bank customer-service representative.

“There’s no security technology out there that companies can deploy to fix this,” The Grugq said, noting that existing intrusion-detection systems are not capable of detecting when a VoIP attack takes place.

During his presentation at HITB, The Gruqg announced the release of alpha code for SIPhallis, a tool he wrote that allows security managers to manage SIP (Session Initiation Protocol) VoIP packets on their networks. “It gives you an interface to create and send VoIP packets; it also allows monitoring of VoIP packets,” he said, adding the application can also be used to inject packets into a VoIP stream.

Existing softphone or PBX software is all that is required for hackers to launch a VoIP attack, The Grugq said.

HITB runs through Thursday, Sept. 21.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Stemming the tide of cybercrime

By: Derek Manky Technology continues to play a significant role in accelerating...

Power through a work-from-anywhere lifestyle with the LG gram

“The right tool for the right job” is an old adage...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now