Monday, December 10, 2007

Former NSA Agent comments on ooma security

Ira Winkler, Former National Security Agency analyst and author of Spies Among Us says:

See, Ooma is actually less secure than a traditional landline. By using Ooma, your call would be going out over the landline of a complete stranger, making it theoretically subject to eavesdropping. I can see those with criminal intent agreeing to be an Ooma subscriber, so they can eavesdrop on calls being routed through their Ooma box. They could listen in on people giving out their personal account information, credit card numbers, and other sensitive details.
He cites a podcast interview from back in July where ooma CEO Andrew Frame proudly states that he thinks his system cannot be broken, and challenges hackers to "Bring it on!" (the quote is about 15 minutes into the the video). Winkler says:
It has been my personal opinion that the only people who promise perfect security are fools or liars. Frame can decide which one he is.
Personally, I don't think anyone cares, other than security geeks. Even if you told people their calls can be recorded, they would probably still use the system to get "free" calls. Another key point is:
If Ooma turns out to be a success, they will definitely attract the attention of the "hackers" that Frame challenges.
Indeed. If TiVo or iPhone never got popular, nobody would have hacked them. Until ooma is widely deployed, there won't be many hacks. But when we find them, you can be sure we will report them here first.