Tsahi Levent-Levi

4 biggest VoIP security threats

Categories: Technology
May 15th, 2008

Security is always overlooked when it comes to VoIP. There are those who feel that security is essential and others who think security is overrated. The truth lies somewhere in the middle. If we need security, we need to decide against what.

Here are 4 of the biggest threats in the world of VoIP when it comes to security – this is why we really need to take a good hard look at how we deploy our networks.

1. SPIT (Spamming)

SPIT is Spam over Internet Telephony. Once VoIP becomes commonplace (it probably is for those reading this blog, but maybe not for their parents), spam will find its way in. Just as our physical mailboxes suffer from junk mail from publishers, our email suffers from solicitations for organ enlargements, and our phones are flooded with requests from corporations to purchase or donate.

This form of vulnerability will hit the consumer market, as it brings the potential of acquiring new customers.

2. Phishing and phone scams

Phone scams are here to stay. Millions of Russians already suffer from them on their mobile phones, and the main reason is trust:

“Most scams are based on people’s trust instinct – either suggesting a relative is in trouble unless a bribe is paid, or sending SMSs to say that in order to collect a prize, money must first be transferred to another account.”

The same way we trust our landline and mobile phones, we will surely trust our VoIP phones. Currently, most VoIP systems lack the security to allow for such trust.

This vulnerability is also in the consumer market, where scammers will try to unlawfully get money from phone users.

3. Hijacking

The most common attack taught today in computer science departments is man in the middle. In it, the attacker simply sits between two devices and acts as a mediator – he knows everything that transpires and might even be capable of changing the content of the information. This brings about the ability to eavesdrop and even hijack the phone number to make unsolicited calls.

Hijacking and eavesdropping fit well into the enterprise market, where industrial espionage or just acquiring knowledge will be the main incentive.

4. Denial of service

Also known as DoS, this attack is designed to bring a service down. By either exploiting a vulnerability that causes a system to crash, or flooding it with irrelevant requests to take up 100% of its processing time, an attacker can practically stop a service. This happens once in a while – the attack on the internet’s root DNS servers last year is an example. A lot of VoIP products out there have vulnerabilities that can be exploited mainly by DoS attacks.

Denial of service is a technique that can be used against commercial services by competitors or people who strongly disagree with the service or what it stands for.

As VoIP becomes commonplace, we as an industry need to place a bit more focus on it. We don’t need to go overboard and view everything from the security aspect alone – on that I totally agree with Dameon Welch-Abernathy. On the other hand, we shouldn’t let our guard down; Rasa Siegberg is correct as well.
