Last January 04, we submitted an article entitled "The Top Seven Threats To Your Computer in 2007" and we listed Voice over IP (VoIP) as the number four threat. Two weeks later, the Computerworld website came out with an article entitled "VoIP Soon To Be A Target Of...Hackers". For those of you who are unfamiliar with Computerworld, it is a website targetted more towards advanced computer users ("geeks" is the industry-standard appellation).

VoIP is not an entirely new technology, in fact it has been around since the mid-1990's. At that time, home internet users mostly connected through dial-up and the maximum speed was 56Kbps. High speed connections were limited mostly to big businesses who paid, what by today's standards are, ridiculously high fees for dedicated connections. High speed connection was a prerequisite for good quality connections, otherwise the connections would be choppy when done through dial-up.

Nowadays, with broadband internet affordable for households and businesses around the world, VoIP has become a common internet staple. Internet providers and telecommunications companies are falling over each other offering competitive pricing for VoIP. Basically, the use of VoIP has become widespread enough that spammers and cyber criminals want in on the action.

The weaknesses of VoIP is in its very infrastructure and the protocol it uses in order to transport the voice data. It comes as no surprise that hackers are savvy enough to exploit these. Without getting into technical details, VoIP's weakness figure prominently in its inability to adapt with some older and existing firewalls. For those of you who are not familiar with firewalls, they can either be hardware or software applications that secure your personal computers and/or your networks from unwanted traffic.

Needless to say, without a straightforward way to secure your voice data, they can easily be exposed to any form of intrusion. The Computerworld article mentions that it is extremely easy to listen in on a call. And on the other end, it is also not at all difficult to inject noise or spam into a conversation. This practice of injecting spam is already being practiced enough to earn it the term "spit".

This practice of "spit" has attracted not just the spammers' attention, but the scammers as well. The same article identifies hackers using a particular phishing exploit to imitate the interactive voice response system of actual companies. Imagine yourself using VoIP to call your bank's automated voice response system to carry out some transactions but in reality, you are interacting with a scammer's system. Can you say identity theft fast enough?

Security appliances and applications on the providers' level is available, but implementing them correctly is the challenge that they face. There are many corporations these days who forbid their personnel from conducting sensitive conversations via VoIP, Hewlett-Packard for one. As a home user, you can take a cue from this type of corporate policy. Most banks and other financial institutions provide toll free numbers, so it is still safer to use the old conventional way of picking up the phone and doing your phone transactions this way.

There is nothing more convenient and fun to talk to relatives and friends in faraway places over the computer, but it is another thing to have your finances wiped clean by cyber criminals. And the threat is certainly real.