Wired has a brief note about VoIP and AJAX security, and mentions that over twenty tools are freely available that can trash and hack a VoIP call.
The current crop of VoIP softphones (Free World Dialup and the like) are too limited in extent to be of much interest to criminals. But now that Skype can outdial to the PSTN, clearly it’s only a matter of time before we see the first widespread outbreak of SPIT (spam over Internet Telephony). Imagine the joy of receiving pre-recorded telephone messages selling dubious finanacial instruments and poisoness body-part enhancers.
I have to admit that there’s a bright side. PSTN calls cost money, and people who allow their systems to become infected with SPIT viruses will at least pay for their carelessness. Or cluelessness.
Now comes the hard part, which is defining a solution. Unfortunately, despite the incredible utility of softphones, there isn’t a client-side cure. Any piece of software that runs on your system can be subverted by a virus. VoIP providers are in the best position to police their systems and they will have to carry much of the burden.
In the case of the PSTN, VoIP providers will have a monetary incentive because of the howls from infected users. Once networks switch over to pure VoIP everywhere and the PSTN withers away, VoIP will be part of base ISP service (like email is today), and the volume of SPIT may very well drive the telephone into uselessness. In other words, unless this problem is solved, true VoIP — limitless and free — will never prosper unless we solve the SPIT problem.