Hackers to attack VoIP in two years

Hackers will attack voice over IP (VoIP) telephone conversations with spam and malicious code within two years, equipment manufacturer Nortel has claimed.

Companies using VoIP and other multimedia services, such as videoconferencing, should plan to defend against unsolicited adverts appearing mid-conversation, the company said.

Atul Bhatnager, VP of enterprise networks, said: "VoIP attacks are still at an early stage but as hackers become more savvy you'll see similar things as on the data side; denial-of-service attacks or spam on VoIP.

"I would say [this will occur] in the next two years as adoption is increasing. This is the right time to put the defences in place as the use of VoIP will be rigorous over the next two or three years. We've learned a lot of lessons on the data side which can be applied to the voice side."

VoIP carries a call over a data network rather than only over a telephone providers' traditional circuit-switched network. This can cut the cost of phone calls for businesses, which has made the technology attractive to some. But questions around the security of VoIP remain unanswered.

Bhatnager said that deep-packet inspection - a method of checking every IP packet entering a network for unusual properties, in much the same way airport security checks every passenger - is an essential part of protecting networks against VoIP attacks.

But VoIP is not the only target for the future, he added, as videoconferencing over IP networks could be hijacked in the same way as voice and data services.

He added: "VoIP is the first phase – video is right behind. You'll be watching a video screen and all of a sudden it's hijacked and you are watching an ad. If you can do it on data you can do it on VoIP. People will marry individual tastes and preferences and use it for intelligent spamming."

Security experts agree VoIP attacks are likely to occur in the next two years. Paul Simmonds, global information security director at ICI, said the timescale is accurate.

He told silicon.com: "We're not seeing that because we aren't using it. But for any technology that has achieved critical mass for a hacker to take interest - sure.

"When instant messaging is joined together, we will see a lot more [of that] targeted. When you get that in VoIP - and he is right about a two-year timeframe - you will see that as a target.

"I'd say get your act together now and be prepared."

But some vendors are not convinced the attacks will be as serious as Nortel predicts.

Joel Horowitz, vice president of Masergy, a voice and video network provider, said: "It's possible but it's going to be limited to the people who have the resources - it'll be governments [doing it]. The minute it starts we'll find a way of stopping it happen. I think we'll start encrypting everything."