Problems with VoIP

October 13th 2008 Posted to IT + More, Telecommunication Portal

Around fourteen WiFi VoIP handsets and deskphones have been tested by leading security experts, who say that security problems range from potential DoS attacks to more severe problems that allow “deep access” to the device that lets a remote attacker get hold of any sensitive information on the phone.

Such threats are inevitable. So where is the onus to prevent such problems? It has been suggested that if we see practices like this develop as these devices get more popular then the manufacturers will only have themselves to blame when the security issues put people off VoIP altogether.

Voice over IP hacking is the digital age’s version of war dialing - a method of automatically scanning telephone numbers using a modem, often dialing all telephone number in surrounding area to find where computers or fax machines are available, then attempting to access them by guessing passwords.

Still there are actions users can take to limit security vulnerablities. Here’s a list of WiFi VOIP security issues, and some useful ways to guard against them:

Many directions of attack:
As the phones get more sophisticated, so could the points of entry for malicious attacks increase. Email, client Web browsers, Bluetooth, SMS, WiFi, media players, and image viewers could all give hackers a point of entry. Though users can use open-source and commercial tools to continually test their phones and networks, they’ll ultimately have to rely on vendors to also do effective testing on these VoIP phones.

Targeting phones in public environments:
One way of doing this is a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue access points:
Other than this when at the office or on the road, subscribers will have to always be wary and scan for rogue access points. criminals will set up access points to target specifically WiFi phones in the corporate space as well as at conferences and other places business people like to get together. Good device authentication and encryption can help provide protection here.

Specific attacks:
Targeted attacks on specific voice-over-wireless networks may also be an issue, albeit one that the victims may prefer to keep quiet.

Bookmark this! These icons link to social bookmarking sites where readers can share and discover new web pages.
  • OnlyWire
  • Socialize-It
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Netscape
  • YahooMyWeb
  • Reddit
  • Slashdot
  • Ma.gnolia
  • RawSugar

Comments are closed.