[VOIPSEC] Soft phone as trojan horse
Lee Dilkie
lee_dilkie at mitel.com
Wed Sep 6 06:00:12 CDT 2006
mailinglist wrote:
> The point is: If you are using an unknown protocol, there is no one (who you
> can trust) who can cross check if that tool is doing something bad.
>
> For example. Skype protocol is still a secret. How can you tell they are not
> abusing their user database? Ok, they are a big company now, but they started
> very small and hungry and maybe there are still backdoors open.
>
> If you publish a SIP soft phone that is doing dirty things, it is much more
> likely that someone sits down and checks what this phone is actually
> transporting out of your computer. Because he can do that.
>
There's nothing preventing a SIP soft phone (or hard phone for that
matter) from doing some very un-SIP-like things. Having an open protocol
means very little to your overall security if, as your premise seems to
be, you cannot trust your vendor. Since this has little to do with soft
phones, SIP or otherwise, but is just a general "I can't trust any
software" position, I suggest you remove the source of your problem
(your computer).
-lee