Arrow-right Camera


Internet phone service comes with a few mixed signals

Thu., April 14, 2005

NEW YORK — After four years of pondering, Bruce Stevens is finally ready to buy a service for making phone calls cheaply over the Internet.

The New Orleans graphics designer just isn’t ready yet to rely on it as his sole means of communications: He’ll keep his cell phone, even if it means an extra $60 a month.

“Since it’s all brand new, there are always unexpected things, things you never would have dreamed would be a problem,” Stevens said. “You could mark me down as having a slight fear of the unknown.”

A computer virus, for instance, could knock out Internet service — and with it the phone line. An Internet service provider that happens to be the local phone company might decide to cripple the technology entirely. Or 911 might not work properly — something callers wouldn’t think to check until they need it most. Eventually, eavesdropping could also be a serious concern.

Cheap as they may be, Internet-based phones carry risks not encountered with conventional

landline and cell phone services.

“Just think about how often your home Internet connection goes down as compared with your conventional home telephone system, which almost never goes down,” said Rick Kuhn, a computer scientist at the National Institute of Standards and Technology, which recently published a study warning of such dangers.

But few customers are even aware of the potential for problems, said Mark Rasch, senior vice president at security company Solutionary Inc. Although people were initially wary about cell phones, he said, Internet-based calling “is perceived as picking up the same phone, making the same call, just using a different service.”

Take Peter John, who was lured by the prospect of unlimited domestic calls for about $32 a month — half of what he was paying SBC Communications Inc.

He and his wife were both bleeding from gunshot wounds inflicted in an armed robbery at home by the time his teenage daughter realized their Internet phone wasn’t activated for 911.

John had always assumed, “If the phone works, 911 must work.” The Houston couple has since bought a cell phone just for emergencies.

Voice over Internet Protocol, or VoIP, phones break voice signals into small data packets that travel the Internet just like e-mail or Web pages. But unlike conventional phone calls, which carried over dedicated circuits, data packets can traverse several networks and devices before getting reassembled into sound at the destination.

“There are so many moving parts involved, and each of those individual devices has to be functioning at a 100 percent level,” said Gerhard Eschelbeck, chief technology officer at security vendor Qualys Inc.

Johannes Ullrich, chief technology officer at the SANS Institute’s Internet Storm Center, says the complexity introduces more points of attack, from the Windows computers that run software for some phones to the routers where traffic gets handed off from one network to another.

But that doesn’t concern him too much, Ullrich said. “It’s cheap enough where I’m willing to take the risk,” he said via his Internet phone.

VoIP providers say conventional phone networks have problems, too.

Engineers simply have designed ways around them so customers never know, said Bryan Martin, chief executive and chairman of 8x8 Inc. VoIP networks will get as robust over time, he said.

Of the potential threats, the chief technology officer of Vonage Holdings Corp. is worried most about tapping in for free calls. But Louis Mamakos said fraudsters are more likely to open new accounts with stolen credit cards than to figure out how to crack the service’s validation scheme.

Yet Mamakos understands the fears.

“It’s a bit of an unknown to people, so people are going to be skeptical,” he said.

Security risks with Internet phones can be divided into two broad categories.

The first affect other types of Internet applications as well. A virus could bring down a company’s network, meaning no phone calls, either. And if spammers can flood inboxes, couldn’t they also automate telemarketing calls?

Then there are risks unique to Internet phones.

A hacker might trick a phone into obtaining a software update from a rogue server, or toss a fake “hang up” command into the data flow — perhaps as a caller is trying to land an important job interview.

Some services let you take phones on vacation, and hackers might decided to trick the system and redirect your calls to them instead.


Click here to comment on this story »