VoIP security not so hot

I must confess I've dabbled with VoIP technology on and off since the late 1990s, ever since the first VoIP hardware cards became available.

Since software-based codec technology started to become available, I've used - and discarded - a number of services. These days, even though I have VOIPCheap and Skype installed on my PCs, I rarely use them because of the variable call quality involved.

Now it appears that VoIP is even more flawed than I previously thought, as a group of Cambridge University experts, have discovered a security flaw with the technology.

The flaw, according to Communications Research Network (CRN), could allow Internet crackers and hackers more chances of covering their tracks.

According to CRN, VoIP applications, such as the client software from the likes of Skype and Vonage, could provide excellent cover for launching denial of service attacks.

CRN says that the scale of the problem is difficult to assess, as many attacks go unreported because organisations "do not want to undermine client or employee confidence in their network security."

Despite this, the research group says that denial of service attacks now number into the thousands, and the resultant zombie attacks number into the millions.

CRN claims that VoIP applications provide traffic cover for denial of service attacks owing to the fact that VoIP effectively run continuously over a TCP/IP transmission path. This, says the research group, makes it almost impossible to trace the source of an attack when it occurs.

On top of this, the group says, data encryption (used for user privacy) and superpeer systems (which assist with call routing) further obscure the source of the attacks...