Protecting your voice traffic when using VoIP technology is not so different from protecting the other data, pictures and video that bounce around various points on your network every day.
VoIP does offer its share of vulnerabilities, and while some have yet to be penetrated, experts say it’s only a matter of time. Will your network be ready?
- Bandwidth burglars: Because VoIP can often be routed over the public Internet, details of those transactions can be viewed by outsiders, if they’re committed enough to access it. This summer, U.S. Federal authorities arrested a Miami man who they said made more than $1 million in a hacking scheme involving the resale of Internet telephone service. The man stands accused of routing calls through the lines of legitimate Internet phone companies and burdening them with the costs of carrying the traffic while he collected the connection fees from customers. A second man was arrested in Washington state, charged with aiding in the scheme. A total of more than 15 Internet phone companies were left with a bill of as much as $300,000 each in connection fees.
- No glam in this spam: Unsolicited bulk messages sent over VoIP to phones connected to the Internet actually have a name of their own: SPIT (spam over Internet telephony). Marketers already leave voice mail messages on regular phones, but IP telephony represents an even better opportunity, because messages can be sent in bulk rather than individually. And, because calls routed over IP are much tougher to trace, the risks of fraud are considerably higher.
- Internal affairs: Hackers on the outside with or without malicious intent are not the only ones who can cause incredible problems for users of VoIP. A major brokerage firm in New York recently moved to a VoIP system, replacing some of its regular phones with IP phones. When an employee brought in a laptop infected with a worm, the telephone system got knocked out. The firm took a significant financial hit. Problems that emanate from inside can be just as dangerous.
- No phishing in this channel – yet: A potential threat a VoIP user could face tomorrow is the phishing attack, where someone poses as a bank to lead a consumer to a fake site, where he/she might be fooled into providing personal information. This could lead to identity theft — then monetary theft.
- Don’t go there: Denial of service (DoS) attacks could certainly be launched against VoIP users. The real-time nature of the tool makes it even more susceptible to attacks affecting service availability. According to an article on the subject by Bogdan Materna, CTO and vice-president of engineering of VoIPshield Systems, VoIP has “very high sensitivity” to quality of service (QoS) parameters, which amplifies the threat of the known DoS attacks, viruses and worms. “A virus attack on a data network that would merely slow down the network can quickly cripple a VoIP network as QoS is quickly compromised,” said Materna. DoS, virus and worm-based threats use VoIP-specific protocols and VoIP vulnerabilities to overload their network and make service unavailable.
Contact the editor