« »

Who Should Solve VoIP Security Issues?

Around a dozen WiFi VoIP handsets and deskphones have been put to the test by top security professionals, who say that security problems range from potential DoS attacks to more serious issues that allow “deep access” to the handset that lets a remote attacker get hold of any sensitive information on the phone.

Problems like this inevitable. So where is the onus to prevent such problems? it has been posited that if we see practices like this develop as these devices get more popular then the manufacturers will only have themselves to blame when the security backlash comes back to haunt them.

VoIP hacking is the contemporary version of war dialing – a method of automatically scanning telephone numbers using a modem, often dialing every phone number in a local area to find where computers or fax machines are available, then attempting to access them by guessing passwords.

Still there are actions users can take to protect themselves. Here’s a list of WiFi VOIP security issues, and some useful ways to protect against them:

Many points of attack:
As the phones get more sophisticated, so could the points of entry for would be hackers. Email, client Web browsers, Bluetooth, SMS, WiFi, media players, and image viewers could all open back doors for hackers. Though users can use open-source as well as commercial tools to continually test their phones and networks, they’ll ultimately have to rely on vendors to also do proactive testing on these VoIP phones.

Targeting phones in public environments:
One way of doing this is a Bluetooth scanner could be concealed at the entrance to a major public space and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue access points:
Other than this when at the office or on the road, users will have to keep their guard up and scan for rogue access points. Hackers will set up access points to target specifically WiFi phones in the corporate space as well as at hotels and other places business people like to get together. Good device authentication and encryption can help provide protection here.

Specific attacks:
Select attacks on specific voice-over-wireless networks can also be an issue, albeit one that the victims may prefer to keep quiet.

Social bookmarks These icons link to social bookmarking sites where readers can share and discover new web pages.
  • OnlyWire
  • Socialize-It
  • bodytext
  • del.icio.us
  • Furl
  • StumbleUpon
  • Propeller
  • YahooMyWeb
  • Reddit
  • Slashdot
  • Ma.gnolia
  • RawSugar

This entry was posted on Monday, October 13th, 2008 at 11:44 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.