SPIT: Spam Over Internet Telephony
Source: asteriskblog.com
I came across an interesting article on voip-news.com. It’s about this new threat and scourge to the community called spam over Internet telephony (or SPIT for short). If SPAM is for email, SPIT is for VoIP. SPIT are basically unsolicited voicemails sent over VoIP networks.
Compared to email spam, SPIT might be a bigger problem to deal with. While emails are only a few kilobytes apiece, voice messages can take up several megabytes each. Multiply that by thousands, and you have potential bandwidth problems. This can potentially increase your bandwidth bills several times over!
And then there’s the problem of volume. Take for instance email spam. In 2002, it was reported that spam constituted only 17% of worldwide email traffic. Two years later, it went up to 93% (according to Wired). If spam over VoIP grows that fast, then bulk of Internet traffic might just turn out to be junk messages, again considering the size of each message.
SPIT calls are characterized by being–of course–unsolicited, and by being sent by machines instead of humans. Just like spam-bots sent by millions of zombie computers around the world, spam Voice messages are sent by software.
Therefore, among the several means of fighting spam calls is the usual turing test, which will help determine if the caller is man or machine. The turing test is basically a challenge, that sees if the remote party is able to respond like a human–and for this purpose, tests answerable only with human intelligence are used. This may entail asking callers to input a random set of numbers before being let through, or such other methods.
Another means of combating SPIT is whitelisting, meaning only calls from known parties are accepted and let through without question. However, caller ID can be spoofed, so this might not be effective in such situations.
Other means include software and heuristics–much like virus-scanning. Software would analyze a caller’s voice patterns.
It might be comforting to know that SPIT is not as common in the Americas as it is to other countries like Japan, where use of VoIP and data-rich mobile telephony are more prevalent. Still, it’s a good idea to secure oneself from the possibility of attack in the future.
