VoIP is evolving rapidly as a far better alternative than the traditional telephone system, and as such has become the preferred mode of communication among many businesses. However, there are serious security risks attached to it—as they are with any other new technology—which the companies need to be aware of and try to fix.
Here’s a quick look at the vulnerabilities :
- Identity theft: Given the lack of security in most VoIP technologies, a theft of user credentials is very common. Once this happens, the attacker can utilize the services of the provider and pass on the costs to the unsuspecting user.
- Vishing: A variant of the phishing attacks, VoIP phishing (or vishing) involves the attacker impersonating some regulatory body and asking for confidential account information. The unaware users fall for this trap, and may end up revealing confidential business information.
- Denial of service: The classic DoS attack also plagues VoIP. This can involve flooding the victim’s network so that VoIP services are denied, and then trying to take control of administrative privileges.
- SPIT: In Spamming over Internet Telephony (SPIT), the voicemail of the victim is flooded with nonsense messages, much like spamming someone’s email. This might not lead to much, but can make voicemail practically useless for the victim.
- Call tempering: The attacker can also spoil the calls by tempering them. This is done either by introducing delays in the call, or adding noise to the communication channel.
If your VoIP network shows any of these suspicious symptoms, it’s best to go for a thorough examination and see if it isn’t being compromised.
image source : http://www.flickr.com/photos/