A Cambridge University professor has warned that Voice
over IP applications could be used to cloak networks of zombies and
launch denial of service (DoS) attacks.
Jon Crowcroft, Marconi professor of communications systems at
the university, suggested botnets - PCs infected by a virus and put
under malicious control - could be controlled and orchestrated by
messages hidden in VoIP traffic generated by programs such as
Skype.
Crowcroft revealed the technique at a networking think-tank
funded by Cambridge and the Boston-based MIT Institute.
"If someone were to use a VoIP overlay as a control tool for
attacks, it would be much harder to find affected computers and
almost impossible to trace the criminals behind the operation," he
says.
Although such an attack has not yet been detected in actual use,
Crowcroft believes it is only a matter of time. The Communications
Research Network think-tank’s working group on internet security
has already raised the issue with VoIP providers, and the ‘attack’
is likely to heighten enterprise IT staff's concern about
applications such as Skype.
Crowcroft wants Skype to publish its routing specifications, so
IT managers can work better with the application, tracking it and
checking its behaviour.
Despite its obvious cost advantages, VoIP (and especially Skype)
continues to be a security concern. There is still too much hype
about the cost benefits, and not enough realisation about the
security risks.