Page 1 of 2
As the use of VoIP continues to grow, so does the number of treats and vulnerabilities hackers can use to attack a system. Whether it's malicious, for financial gain or for bragging rights, 2008 will see an evolving roster of threats to VoIP systems.
According to Sachin Jaglekar, vulnerability research lead for Sipera VIPER Lab, a research group that finds and indentifies VoIP threats, some of the same attacks that started to gain notoriety in 2007 will continue through next year.
Here are nine threats and vulnerabilities Jaglekar and his research team said VoIP systems will encounter:
1. Remote Eavesdropping
The top attack to be on the lookout for is remote eavesdropping, Joglekar said. Eavesdropping is just what it sounds like, listening in on VoIP calls, a trick that is exponentially easier in VoIP than with traditional PSTN telephone networks. Eavesdropping can represent a major communications and security breach. Those overheard conversations can be used to gather intelligence from competing businesses, or worse, used as blackmail for financial gain.
Last month, San Jose, Calif.-based Cisco Systems issued a security alert that identified 11 models of its Cisco Unified IP Phone 7900 Series handsets were vulnerable to eavesdropping attacks. According to the networking giant, all Cisco IP phones that support Extension Mobility, which allows users to log into a phone and temporarily configure it as their own, were vulnerable to the attack.
2. VoIP Hopping
Next in line is VoIP hopping, which can enable remote eavesdropping, but more critically compromises VLANs, which were previously trusted as providing a secure VoIP environment. VoIP hopping can enable a PC to mimic an IP phone giving hackers the inroads to access the VoIP system.
3. Vishing (VoIP Phishing)
Similar to email phishing scams, another threat to keep an eye out for into the New Year is vishing, or VoIP phishing. Much like its email counterpart, vishing lets hackers spoof caller ID and present a fraudulent phone identity. People who receive calls from a visher may be tricked into believing they're talking to their bank or another legitimate institution, causing them to share sensitive personal information like credit card numbers.
4. VoIP Spam
Just like vishing works in a similar fashion as email, VoIP spam will again show itself next year. Though VoIP spam is really less a threat and more an annoyance, it's a vulnerability that is sure to be exploited, Joglekar said. Since VoIP IDs can consist of numbers or characters, they become similar to an email addresses, meaning someone can reach you by telephone through the Internet. Spam writers can use VoIP to flood voicemail boxes with junk messages or keep the phone ringing, not allowing more important, welcomed calls to come through.
5. Toll Fraud
Another growing threat, which received massive attention in the past few years, is toll fraud. Toll fraud was brought to the forefront in 2006 when the FBI charged two men with accessing VoIP networks and "reselling" minutes to unsuspecting customers to the tune of millions of dollars. A successful toll fraud attack lets unauthorized users access VoIP networks to make calls, increasing VoIP costs and traffic. The attackers get free calling, while someone else gets stiffed with the bill. Joglekar said toll fraud is tough to fight, especially on VoIP networks that have little authentication or call analysis in place.
|
Telco Shuffle: AT&T's Executive Reorganization Following its fourth-quarter loss, AT&T makes some major changes to the executive ranks. |
|
Telco Updates: Level 3 Wins DoD Contract; CenturyLink Hooks Up Jeans Maker CRN looks at recent headlines made by telecom carriers, including CenturyLink, China Unicom, Integra and more. |
|
10 Telecom Predictions for 2012 What will next year hold for telco mergers and the mobile device boom? CRN makes its 2012 predictions for the Telecom industry. |
 More
Slide Shows |
