[VOIPSEC] SPIT and vishing

Martyn Davies Martyn.Davies at dialogic.com
Wed Jul 23 12:09:55 CDT 2008 

Mobile VoIP generally lets you do one of two things:

(a) talk to others in the same closed VoIP island (e.g. Skype), for a low cost, or free
(b) interconnect with conventional PSTN numbers at a per-minute charge

So the threat of spamming is not great for (a) because you can't spam the World in general (or even people at other VoIP services) because the service is not interconnected.  In a closed service it's probably more likely that a spammer will be detected and shut down.

The threat of spamming for (b) is governed by the same economics as potential PSTN spammers today (e.g. cold calling, predictive dialers etc). That is, since you have to pay well for each call, you'd better be able to get some kind of return on your investment, for example trap some suckers into making an investment in your worthless stock or land scheme.

The real threat comes when calls are free (or a low, flat-rate) and can interconnect to anywhere.  Then SPIT becomes like email spam, where you can send millions of messages for a dollar, and even a tiny response rate will give you break-even.

Regards,
Martyn Davies
Dialogic 

-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On Behalf Of juanramon.cayon at unavarra.es
Sent: 23 July 2008 17:50
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] SPIT and vishing

Hello everyobdy, my name is JuanRa and i'm researching about VoIP security
(lil more about me here --> http://www.linkedin.com/in/juanra) and this is
my first message to the list

just wanted to add/ask something about this comments on SPIT.

Andrew posted Dan's comment:

> But until the time
> comes when: a) there are tons of SIP servers exposed on the Internet;
> and b) those servers allow connections from random SIP endpoints...
> until that time, there's not a huge market potential for someone to
> bother setting up a SPIT operation.

ok, maybe it's just my ignorance about how things really work here in
VoIP (i'm new on this) but regarding two facts:

 - VoIP and mobile telephony integration
 - existing bluetooth-spreadable viruses

don't they shape an attractive enough scenario to bother setting up a SPIT
operation?


--------
Juan Ramón Cayón Alcalde
Departamento de Automática y Computación
Universidad Pública de Navarra
Campus Arrosadia, 31006 Pamplona (SPAIN)
Tel: +34 948 166050  Fax: +34 948 168924
e-mail: juanramon.cayon at unavarra.es





_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list