By Sharla Sikes

VoIP is uniquely vulnerable to malicious tampering. Security is always at issue.

The Black Hat security conference in Las Vegas brought together industry experts who discussed the topic on Aug. 1.

VoIP calls are susceptible to “cybercriminals” who can eavesdrop, steal data, intercept credit card numbers or cancel connections.

“VoIP is about convergence. The idea is that you save money and resources and time,” said Barrie Dempster, a senior security consultant at Next Generation Security Software who made a presentation at the conference. “But convergent systems give you more avenues of attack, more ways in. It’s not a secure environment.”

While VoIP has existed in one form or another for 15 years or so, the recent surge of security attacks has directly followed its recent popularity. “Old bugs” were never patched. The ZRTP language used to transmit sounds encrypts voices, but not numbers, leaving credit card numbers entered on touchtone phones open to attack. Media gateway control protocol can allow eavesdropping.

“We point these problems out,” said Barrie Dempster, a senior security consultant at Next Generation Security Software, “But the lessons aren’t being taken.”

Mobile devices are vulnerable as well: Krishna Kurapati, founder and chief technology officer of Sipera Systems demonstrated onstage how WiFi connections can be hacked, as well as theft of data using VoIP on a laptop during the conference.

The reality is more immediate than onstage demonstrations. Businesses have suffered crimes such as the theft of thousands of dollars in long-distance minutes, called “toll fraud.”

As VoIP becomes increasingly more adopted in the business world for its many benefits, so will the security threats continue to grow.

“There’s a perfect storm of more openness and mobility, more mainstream adoption, and new entrants into the industry,” said Eric Winsborrow of Sipera Systems. “The table stakes are getting much bigger.”

Related Content

Subscribe to the post comments feeds or Leave a trackback