A Cambridge University professor has warned that Voice over IP applications could be used to cloak networks of zombies and launch denial of service (DoS) attacks.
Jon Crowcroft, Marconi professor of communications systems at the university, suggested botnets - PCs infected by a virus and put under malicious control - could be controlled and orchestrated by messages hidden in VoIP traffic generated by programs such as Skype.
Crowcroft revealed the technique at a networking think-tank funded by Cambridge and the Boston-based MIT Institute.
"If someone were to use a VoIP overlay as a control tool for attacks, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation," he says.
Although such an attack has not yet been detected in actual use, Crowcroft believes it is only a matter of time. The Communications Research Network think-tank’s working group on internet security has already raised the issue with VoIP providers, and the ‘attack’ is likely to increase the concern of enterprise IT staff towards applications such as Skype.
Crowcroft wants Skype to publish its routing specifications, so IT managers can work better with the application, tracking it and checking its behaviour.
Despite its obvious cost advantages, VoiP (and especially Skype) continues to be a security concern. There is still too much hype about the cost benefits, and not enough realisation about the security risks.