Top 9 VoIP Threats And Vulnerabilities

The top attack to be on the lookout for is remote eavesdropping, says Sachin Joglekar, vulnerability research lead for Sipera VIPER Lab. Eavesdropping is exponentially easier in VoIP than with traditional PSTN telephone networks. Eavesdropping can represent a major communications and security breach. Those overheard conversations can be used to gather intelligence from competing businesses, or worse, used as blackmail for financial gain.

Last month, San Jose, Calif.-based Cisco Systems issued a security alert that identified 11 models of its Cisco Unified IP Phone 7900 Series handsets that were vulnerable to eavesdropping attacks. According to the networking giant, all Cisco IP phones that support Extension Mobility, which allows users to log into a phone and temporarily configure it as their own, were vulnerable to the attack. [READ MORE]

Next in line is VoIP hopping, which can enable remote eavesdropping, but more critically compromises VLANs, which were previously trusted as providing a secure VoIP environment. VoIP hopping can enable a PC to mimic an IP phone giving hackers the inroads to access the VoIP system.

Similar to e-mail phishing scams, another threat to keep an eye out for into the New Year is vishing, or VoIP phishing. Much like its e-mail counterpart, vishing lets hackers spoof caller ID and present a fraudulent phone identity. People who receive calls from a visher may be tricked into believing they're talking to a co-worker, their bank or another legitimate institution, causing them to share sensitive business or personal information.

Just like vishing works in a similar fashion as e-mail, VoIP spam will again show itself next year. Though VoIP spam is really less a threat and more an annoyance, it's a vulnerability that is sure to be exploited, Joglekar said. Since VoIP IDs can consist of numbers or characters, they become similar to e-mail addresses, meaning someone can reach you by telephone through the Internet. Spam writers can use VoIP to flood voicemail boxes with junk messages or keep the phone ringing, not allowing more important, welcomed calls to come through.

Another growing threat, which received massive attention in the past few years, is toll fraud. Toll fraud was brought to the forefront in 2006 when the FBI charged two men with accessing VoIP networks and "reselling" minutes to unsuspecting customers to the tune of millions of dollars. A successful toll fraud attack lets unauthorized users access VoIP networks to make calls, increasing VoIP costs and traffic. The attackers get free calling, while someone else gets stiffed with the bill. Joglekar said toll fraud is tough to fight, especially on VoIP networks that have little authentication or call analysis in place.

And with the increasing use of Skype, not only at home but in the office, it was only a matter of time before the often free and other times relatively cheap PC-based VoIP service was nailed. Skype will continue to be targeted in 2008. The Skype worm, once known as the w32/Ramex.A virus, is a worm that spreads through IM. It automatically stops access to security tools while it downloads to infected PCs and changes the Skype user's online status to "do not disturb," so that other users can't contact the infected user.

New connectivity options in the coming year are sure to expose VoIP to those who will leverage it for ill-gotten gain. Using VoIP over Wi-Fi will have hackers and attackers salivating. With the relative insecurity of VoIP and Wi-Fi separately, combining the two creates a perfect storm of threats. "We know that VoIP is insecure," Joglekar said, "and we're going to put it over Wi-Fi, which is also insecure." Using VoIP over Wi-Fi eliminates the need for a hacker to have physical access to the network, instead, using a sniffer or similar tool, a potential attacker can get onto the Wi-Fi network from outside or a different location and use that as an entry point to VoIP.

While not technically a threat or specific vulnerability, Joglekar said the lack of robust implementation in VoIP devices will also lead to attacks in 2008. Lack of robust tools in phones and servers mean users can't monitor their implementation and the protocols used to implement service. A weak implementation opens up the door for a hacker to send a message and make the system crash or execute code to get access to a laptop and pull data from it. Joglekar said by and large VIPER Lab research has found that implementation errors and systems lacking robustness are sure to be hit this year.

In the same vein, Joglekar said it is increasingly important to check a VoIP devices default security settings. In many cases, users get a phone, take it out of the box and start using it, paying more attention to the feature set than the internal security mechanisms. "No one goes into the default security settings," he said, "and usually they're weak." Joglekar added that the default security settings from many device makers aren't up to snuff. A quick check can lock down the device and make it less likely to be hacked, but many users fail to do that, relying on the weak default settings to carry the load. [READ MORE]