Banks and other companies switching their phone systems to voice over IP (VoIP) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.“People will be able to penetrate bank networks and hijack their phone lines,” said an independent security researcher, known by his pseudonym The Grugq, in an interview. VoIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.The Grugq, who spoke this week at the Hack in the Box Security Conference in Kuala Lumpur, Malaysia, said VoIP phishing attacks will emerge by the end of this year. The attacks will allow hackers to steal personal data, including credit card numbers and bank account information, and there is little security managers can do to stop them.“Theoretically, you phone up your bank and the customer service line has been taken over by hackers,” The Grugq said. In this scenario, the customer would be asked by the hacker to enter personal banking information before being passed on to an actual bank customer-service representative. “There’s no security technology out there that companies can deploy to fix this,” The Grugq said, noting that existing intrusion-detection systems are not capable of detecting when a VoIP attack takes place.During his presentation at the conference, The Grugq announced the release of alpha code for SIPhallis, a tool he wrote that allows security managers to manage Session Initiation Protocol VoIP packets on their networks. “It gives you an interface to create and send VoIP packets; it also allows monitoring of VoIP packets,” he said, adding that the application can also be used to inject packets into a VoIP stream. Existing soft phone or PBX software is all that is required for hackers to launch a VoIP attack, The Grugq said.The Hack in the Box conference runs through Thursday, Sept. 21.-Sumner Lemon, IDG News Service (Singapore Bureau)Related Links: When Voice Becomes Data (CSO) Bruce Schneier: We Are Losing IT Security War Security Advances Not Keeping Up With Tech Security Measures Seen Doing More Harm Than GoodCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost Sponsored by Azul How to maximize ROI by choosing the right Java partner for your organization Choosing the right Java provider is a critical decision that can have a significant impact on your organization’s success. By asking the right questions and considering the total cost of ownership, you can ensure that you choose the best Java p By Scott Sellers Dec 04, 2023 5 mins Application Management brandpost Sponsored by DataStax Ask yourself: How can genAI put your content to work? Generative AI applications can readily be built against the documents, emails, meeting transcripts, and other content that knowledge workers produce as a matter of course. By Bryan Kirschner Dec 04, 2023 5 mins Machine Learning Artificial Intelligence feature The CIO’s new role: Orchestrator-in-chief CIOs have unique insight into everything that happens in a company. Some are using that insight to take on a more strategic role. By Minda Zetlin Dec 04, 2023 12 mins CIO C-Suite Business IT Alignment opinion Fortifying the bridge between tech and business in the C-suite To be considered a tech-forward company today, there has to be a focus on tech fluency across the C-suite, which creates a unique opportunity for CIOs to uplevel their roles and expand their footprint across the enterprise. By Diana Bersohn and Rachel Barton Dec 04, 2023 7 mins CIO Business IT Alignment IT Strategy Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe