Editor’s note: This is the second part of a three-day series on Internet telephone services.
Associated Press
NEW YORK – After four years of pondering, Bruce Stevens is finally ready to buy a service for making phone calls cheaply over the Internet.
The New Orleans graphics designer just isn’t ready yet to rely on it as his sole means of communication. He’ll keep his cell phone, even if it means an extra $60 a month.
“Since it’s all brand new, there are always unexpected things – things you never would have dreamed would be a problem,” Stevens said. “You could mark me down as having a slight fear of the unknown.”
A computer virus, for instance, could knock out Internet service – and with it the phone line. An Internet service provider that happens to be the local phone company might decide to cripple the technology entirely.
Cheap as they may be, Internet-based phones carry risks not encountered with conventional telephone and cell-phone services.
“Just think about how often your home Internet connection goes down as compared with your conventional home telephone system, which almost never goes down,” said Rick Kuhn of the National Institute of Standards and Technology.
Voice over Internet protocol, or VoIP, phones break voice signals into small data packets that travel the Internet just like e-mail or Web pages. But unlike conventional phone calls, which are carried over dedicated circuits, data packets can traverse several networks and devices before getting reassembled into sound at the destination.
“There are so many moving parts involved, and each of those individual devices has to be functioning at a 100 percent level,” said Gerhard Eschelbeck, chief technology officer at security vendor Qualys Inc.
Johannes Ullrich, chief technology officer at the SANS Institute’s Internet Storm Center, says the complexity introduces more points of attack, from the Windows computers that run software for some phones to the routers where traffic gets handed off from one network to another.
But that doesn’t concern him too much, Ullrich said.
“It’s cheap enough where I’m willing to take the risk,” he said via his Internet phone.
Nor does it faze Mike French, who got VoIP service in December and will soon dump his conventional phone.
“I don’t expect to have privacy. I don’t say things or do things that I wouldn’t be afraid to say out in the open,” the Huntsville, Ala., electrical engineer said. “If this were my only phone, the security risks would be a big concern, but we do have three other cell phones in the house.”
Security risks with Internet phones can be divided into two broad categories.
The first affects other types of Internet applications as well. A virus could bring down a company’s network, meaning no phone calls, either. And if spammers can flood inboxes, couldn’t they also automate telemarketing calls?
Then there are risks unique to Internet phones.
A hacker might trick a phone into obtaining a software update from a rogue server, or toss a fake “hang-up” command into the data flow.
Some services let you take phones on vacation, and hackers might decide to trick the system and redirect your calls to them instead.
Though these attacks would be difficult to perform today, security experts believe that as Internet phones become more popular, hackers will have greater incentive to develop tools for automating such attacks – just as they have with viruses and other computer threats today.
As for reliability, phone providers are still trying to make their systems fully compatible with 911. In some cases, phones might ring a nonemergency number or fail to provide caller ID details such as location, which is crucial when a caller can’t speak.
In March, a group of VoIP vendors and security researchers formed the VoIP Security Alliance to research such issues and develop countermeasures.
Many customers see VoIP only in terms of costs and convenience, and the group will try to raise awareness about security, said its chairman, David Endler.
Coming Friday: A look at what the new technology means to consumers.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.
