Hackers are in the early stages of targeting voice-over IP telephony accounts according to one VoIP equipment maker.
Private information, including usernames and passwords from VoIP phone accounts are being sold online for more than stolen credit cards Newport Networks says. The information lets hackers use the telephone service for free.
Stealing usernames and passwords when a call is made is a troubling trend to Dave Gladwin, vice president of products at Newport Networks. “It is still at an embryonic stage but as voice adoption increases it becomes more of a problem and needs addressing,” Gladwin told the BBC. The information is encoded but can be “easily captured and unobscured,” said Gladwin.
Credit card information can be purchased online for around $12 each. VoIP account details sell for a moderately higher price at $17. The problem is an issue for people who use public or unsecured home Wi-Fi networks.
The majority (90%) of carriers don’t provide a secure VoIP service according to Gladwin. He says it would cost about $4 to $5 per subscriber for service providers to add more security.
“Most of the software out there has the capability of running in secure mode if the service providers would accept it,” he said.
VoIP provider Skype said it offers complete encryption. “It doesn’t matter whether I’m on an open wireless connection, there is no way someone could get hold of my username or password,” said Jonathan Christensen, general manager of audio and video at Skype.
He admits there is security issues within the industry but wonders how popular a free VoIP account would be for hackers.