Simply Security - News, Views, and Opinions from Trend Micro

Voice technology leaks data online

Posted on October 10th, 2012 in Data Privacy by Simply Security

Whether it's a casual interaction or a business meeting, people assume that the person they are speaking with is the only person who will have access to the conversation. Even in an online setting, chat logs and video conferencing connections should be encrypted or have some form of privacy control, whether consumers intend to use them or not. The problem arises when these protections are activated and data protection still falls through the cracks.

These threats sometimes occur because a user shares credentials or is otherwise careless with passwords and other tokens, but in other cases software updates may be at fault. In still others, the provider itself may not be taking proper precautions to safeguard information, resulting in server security issues. Regardless of the reason, recent issues with popular Voice over Internet Protocol (VoIP) and web chatting tools have raised serious concerns for users.

An unexpected audience

A leader in casual chatter, Skype has been using webcam and microphone technology to connect friends, families and co-workers for years. The service is available for free or through a subscription service, and users can choose the tools and settings they want to use in order to customize the entire experience. Data security procedures have always been as basic as creating a password-protected account and specifying whether a basic or encrypted connection is desired, with much of the service remaining casual in nature.

However, ZDNet reported recently that an issue with a software update from the company had resulted in buggy chat communiques. Several users reported that, thanks to what appeared to be a lack of data protection from the provider, privacy issues were sprouting up when messages intended for one audience were sent at the wrong time, re-transmitted or sent to someone not included in the original chat.

Some users pointed out that those receiving messages erroneously had no connection on the social networking site apart from themselves. No end-user fault was at play to cause these transmissions to jump from one contact to the next, sharing information unintentionally. Leonas Sendrauskas of Skype explained in a blog post that the issue was most likely due to the software failing in the middle of transmission, causing the chat text to bounce from one contact to the next during the restore process.

VoIP vulnerability

There are times, however, when a company recognizes a server security issue in time to release updates that protect user privacy and security. Such programming errors, while somewhat annoying to consumers, can be easily exploited by hackers once the security loopholes become apparent.

Cisco Systems, a leading vendor of online and voice networking software and equipment, recently put out a patch for several of its program suites that the company identified as having major weaknesses. eSecurity Planet reported that the company had identified 10 unique threats to data security within the framework of its VPN systems several months ago, but waited until now to release an official statement on the issue so that patches could be issued to clients first. Doing this before the public was made aware of the problem may have helped deter a zero-day incident that would have done Cisco's customers more harm than good.

According to Cisco's statement, the possibility for a hacker to infiltrate an IP and bypass standard security was such that it could have resulted in a complete denial of service for some clients, while others simply could have had data unknowingly harvested from these connections.

"During a malicious attack, any website that hosted a copy of the vulnerable component could masquerade as a trustworthy site and attempt to convince the user to instantiate the vulnerable component," reported a Cisco security update in an InfoWorld article.


