Saturday, May 22, 2004
VOIP, Webcams and Voyeurs?
One of the elite technical folks that I work with mentioned, almost casually, to me the other day that he thought someone had found out how to turn on cameras attached to PCs without the user being aware. It doesn't take more than 1/2 a second to think of the damage that such a hack could cause if it's true. I guess there's some vulnerability in instant messenger software or similar that lets you remotely activate the camera - and spy in on whoever is doing whatever they're doing. I don't have a webcam on my PC. I guess I won't be getting one. That got me wondering about the new trend for Voice over IP telephony, or VOIP. This is becoming a big deal in the USA now with major carriers offering it. When I first used it, the software was available from a little company called Camelot (I think there were 2 or 3 others) with a Nasdaq ticker that I remember flying through the roof regularly (just checking now, it's trading at $0.006). The sound quality was crap, but it felt weird to talk to someone in Seattle through your PC microphone. That was 1993 or 1994 - when my Compuserve ID was a couple of numbers in square brackets and my email address was the same and, I think, 28.8k modems were as fast as they got. Later, maybe 1999 I tried it with a camera and spoke to the same person in Seattle with a 1 frame per second update rate over a 56k modem. Today, the technology actually works. The flaw in broadband for me so far has been that I need to pay for a phone line in the first place - so the real cost of broadband is not the £30-50 a month that the telcos quote, but that plus the phone line rental. Since about 1995 I have been totally reliant on mobile phones and haven't needed a land line - just like I haven't needed a television. But, with VOIP you need, technically, never see another phone bill beyond the line rental ever again, depending on how the carrier bills you. If BT get their bluephone off the ground, then you'll have a mobile phone that goes Wifi/VOIP in the house and GSM out of the house or, for that matter, Wifi/VOIP whenever it can connect to a Wifi network even if it isn't yours (which makes me wonder about SSIDs, WPA, WEP and all that and how it will work on a phone, let alone how they'll make battery life long enough - after all, 3g phones still seem to run out of batteries just after you turn them on). With emerging VOIP, I wonder how long it will be before hackers are exploiting weaknesses in "phone security" to tap into calls people are making - maybe even re-routing them in flight and crossing over calls from one person to another so that, say, they hear their own voice or their call is passed to someone else. The security services are going to want to do that so that they can continue to use Echelon or whatever to tap calls, so the hackers will certainly find ways. If they can suck data off your mobile using bluetooth without you even knowing, how hard will it be to hack the VOIP network? Or to use backdoors in VOIP to get at your PC? Ugh.
Posted by Alan at Saturday, May 22, 2004