Page last updated at 11:40 GMT, Wednesday, 14 May 2008 12:40 UK

Identity fraud hits net telephony

Woman using voice-over IP
More people are making calls over the net

A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw.

Capturing accounts

But the move into stealing usernames and passwords which are routinely sent across the network when a call is made, is a worrying new trend thinks Dave Gladwin, vice president of products at Newport Networks.

"It is still at an embryonic stage but as voice adoption increases it becomes more of a problem and needs addressing," said Mr Gladwin.

The details are not sent as plain text but are encoded in such a way as to be "easily captured and unobscured", said Mr Gladwin.

Credit card details have been traded fairly openly online for some time and can be bought for around $12 (6) each. VoIP account details fetch a slightly higher price, at $17 (9), according to Mr Gladwin.

The problem is less of a issue for businesses which routinely offer voice-over IP services for their employees because users are tied into a secure corporate network.

But for consumers, relying on public or unsecured home wi-fi networks, there is more of an issue.

"90% of carriers don't offer a secure VoIP service," said Mr Gladwin.

He estimated it would cost around 2/3 per subscriber for service providers to instigate the additional level of security needed.

"Most of the software out there has the capability of running in secure mode if the service providers would accept it," he said.

VoIP provider Skype said its service, unlike some of its rivals, offered end to end encryption.

"It doesn't matter whether I'm on an open wireless connection, there is no way someone could get hold of my username or password," said Jonathan Christensen, general manager of audio and video at Skype.

He accepts there are security issues facing the industry, especially for providers that use "less robust security mechanisms" but he questions how big a draw a free VoIP account would be for net criminals.

This is a view shared by Jupiter analyst Ian Fogg.

"I have not seen security issues with VoIP as a big issue. This is partly because such services aren't that mainstream and therefore have not been targeted by criminals in the way that e-mail and online banking services have," he said.

Emergency rules for net telephony
07 Dec 07 |  Technology
Voiping the outback
12 Mar 08 |  Technology
The cost of calling from abroad
18 Jan 07 |  Technology
Net phone service rules announced
29 Mar 07 |  Technology
Sony handheld to offer net calls
23 May 07 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific