Daily Yomiuri Online carries news of a group of telephone scammers in Tokyo brought to book who were using Voice over IP telephony services as part of their operation.

I want to point out here that, like most other comminication technologies, VoIP can be used by criminals. That doesn’t make VoIP a ‘criminals tool’ or any such thing but those who break the law are often liable to utilise legitimate tools for nefarious purposes.

While the article doesn’t actually detail what the nature of the scam was, it is noted that the scammers were using VoIP to ‘conceal’ their true location. They used a VoIP service through NTT docomo’s network which allowed them to place calls remotely as if they were originating from Tokyo’s ‘03′ area code.

Ultimately, the scammers were not very sophisticated and were traced through NTT docomo. It does however bring to attention the fact that more advanced scammers could operate from outside the country in which the scam is being perpetrated and there ought to be future work on the best methods for securing VoIP networks against this sort of criminal activity.

An article in New Scientist reports that ISP’s intentions to use a compression technique to reduce the bandwidth required for VoIP calls could pose a significant eavesdropping threat to users.

The issue lies in the way the ’sounds’ of a conversation are compressed.

…the sampling rate is kept high for long complex sounds like “ow”, but cut down for simple consonants like “c”. This variable method saves on bandwidth, while maintaining sound quality.

Simply by analysing the encrypted stream for the difference between the sizes of the packets, researchers at John Hopkins university say they can identify entire words with a high degree of accuracy.

The John Hopkins team hope that they have caught this threat in time but I think it will take a good deal of shouting about it for the ISPs to take notice and change their planned deployments.

Martin Sauter for WirelessMoves has written a brief article highlighting the risks of using unsecured VoIP services on public WiFi hotspots.

He points out that quite often, by default, your communications over a public WiFi hotspot are not encrypted and that goes for the voice stream too which could be passively lifted from the airwaves and replayed.

What do you talk about on your Voice over IP calls and would you be concerned if a third party knew?

Robert Vamosi has an article over at CNET which describes how, if you don’t pay attention when developing your corporate network security, VoIP devices can expose your business to outside threats.