I've been doing a lot of work with VOIP recently. I have both hard and soft phones - all of them are computers. All of them contain software. All, to some degree, are vulnerable to being attacked or manipulated from afar.
How do I know that my VOIP phones, particularly soft phones running on vulnerable operating systems (typically of the Redmond gender), are not always listening?
In fact why should I trust that any computer equipped with a microphone isn't listening?
It would be easy for a bit of spyware to turn on the microphone and record any voices it might hear. It would be easy to compress those recordings and send them out amongst web traffic so that the transfers would not be easily noticed.
I may be paranoid - but with the onslaught of spyware today's paranoia could be tomorrow's reality. It certainly would be nice if laptops and VOIP phones were designed with a physical switch that could disable the microphone and place it beyond the reach of software.
Posted by karl at May 15, 2005 1:05 AM