Thursday, December 15, 2005

New Sophisticated Security Threats From Voip

A new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats, such as caller ID spoofing, voice modifiers, SPIT (voicemail SPAM) and packet injections.

With VoIP now poised to hit the business market in a big way, the ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identify theft and loss of sensitive information.

With a combination of caller ID spoofing and freely available voice modification software, it is relatively easy to pose convincingly as someone else, similar to web site spoofing and phishing. But the ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet. SPIT (spam over internet telephony) could become a huge problem for companies. This could range from staff wasting time clearing unwanted voicemail messages to a total loss of service.

Other VoIP security issues highlighted in the ISF report range from redirection of calls and packet injections where words are inserted into the data stream mid-conversation, to the interception of sensitive voice traffic in transit and theft of VoIP bandwidth.

In surveying ISF members to research the report, concerns were also expressed that as VoIP becomes more popular, organised criminals will turn their attention to sabotaging businesses by disabling phone systems through DoS attacks or spreading malicious viruses or worms. The problems of poor quality transmission and loss of service are gradually being overcome, which is expected to lead to more widespread adoption and reliance on VoIP in the future. This trend is also being driven by cost savings, improved functionality, ease of access and low cost of entry.

"Although VoIP is being increasingly used in the home environment, most businesses are still reliant on the Public Switch Telephone Network," said Nick Frost, Consultant at the ISF. "We take it for granted but it is extremely resilient, something that VoIP can not currently deliver. But it is inevitable that eventually VoIP will take over as the voice service of choice, bringing with it these additional new security risks."

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.