«
»

Make Sure You Know the VoIP Security Loopholes

Around eight WiFi VoIP handsets and phones have been scrutinised by leading security professionals, who say that security problems range from potential denial-of-service attacks to more severe issues that allow “deep access” to the handset that lets unscrupulous individual read any sensitive information on the phone.

Problems like this inevitable. So who should sort it out? It has been suggested that if we see practices like this grow as these devices as used more widely then the manufacturers will only have themselves to blame when the security issues put people off VoIP altogether.

VoIP hacking is the modern days version of war dialing – a strategy of automatically scanning telephone numbers using a modem, usually ringing every telephone number in a local area to find where computers or fax machines are available, then attempting to access them by guessing passwords.

Still there are actions customers can take to mitigate the risk. Here’s a list of WiFi VOIP security issues, and some effective ways to protect against them:

Many directions of attack:
As the VoIP phones get more advanced, so could the points of entry for malicious attacks increase. Email, client Web browsers, Bluetooth, SMS, WiFi, media players, and image viewers could all provide a window of opportunity for hackers. Though users can use open-source as well as commercial tools to regularly test their phones and networks, they’ll ultimately have to rely on vendors to also do thorough testing on these devices.

Targeting phones in public environments:
One way of doing this is a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue access points:
Other than this when at the office or on the road, IT departments will have to always be wary and scan for rogue access points. Unscrupulous individuals will set up access points to target specifically WiFi phones in the corporate space as well as at conferences and other places business people like to come together. Good device authentication and encryption can help provide protection here.

Targeted attacks:
Select attacks on specific voice-over-wireless networks can also be an issue, although perhaps one that the victims may try to downplay.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • OnlyWire
  • Socialize-It
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Netscape
  • YahooMyWeb
  • Reddit
  • Slashdot
  • Ma.gnolia
  • RawSugar

This entry was posted on Monday, October 13th, 2008 at 6:38 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.