Why should potential fraudsters go to all the trouble of launching sophisticated VoIP exploits when even the most basic security has not been implemented? Security is the responsibility of each and every one of us, whether we are users, manufacturers, service providers or resellers.
The real question is how much has the industry moved on in the past two years, what measures have been taken and have the lessons been learned from this case by service providers and resellers alike?
The McAfee Virtual Criminology report references two specific VoIP threats, namely ‘vishing’ and ‘phreaking’. According to McAfee, fraudsters intend to exploit VoIP services to send voice messages to subscribers in a form of attack known as VoIP phishing or ‘vishing’. Although it is early days for this type of attack, there have already been at least two reported cases of vishing documented to date and both of these stemmed from criminals using social engineering methods over an IP network to steal personal information.
The term Phreaking, first came into use during the 70s in reference to telephone hacking, using the variety of tones to manipulate the exchange to make free calls. Modern day phreakers are using personal computers to hack the Softswitch directly with the same objective. However, the fact remains that it is still much simpler to use well known computer vulnerabilities to access the identity information needed to make free calls.
We should all be learning lessons from the past to avoid the ‘hack and patch’ cycle with network vulnerabilities being addressed on an ‘as needed’ basis. Service providers do appear to be more proactive these days with security questions ranking high on their agendas, but individuals lag behind in terms of awareness and proactivity. This leaves a huge opportunity for the channel to educate the market in order to avoid fraudsters circumventing the network and taking aim at subscribers and their poorly protected devices.
In order to improve security we need to address two major concerns – disruption and identity theft. While there is no single, allencompassing solution to these issues, increased security awareness and education is fundamental. Strong authentication and encryption will be key to protecting user confidentiality while increased complexity of passwords will further support any security measures. Encompassing all of these measures the network itself must be architected with multiple layers of defences built in, including the specialised protection offered by session border controllers.
There aren’t many of us out there today who would still leave the house with the front door unlocked when popping out for a few hours. More unlikely still is the idea of leaving the door wide open. Let’s get those doors closed and locked now. You’ve heard the saying an Englishman’s home is his castle, well, it’s about time his PC and his phone are too.
How secure is your VoIP
Most Popular Features
- ISDN vs. SIP – No Contest?
- Software Defined Networking (SDN) Explained
- The Impact of 5G
- No Complaints
- The Death of ISDN?
- The MVNO Challenge
- Transforming the Customer Journey
- Hazards of setting up Wi-Fi in the workplace
- The Cloud in 2013
- BroadCloud Explained
- Dunelm Opt for Triple Resiliency
- GOODBYE 2008 HELLO 2009!
- Adapting to Change
- Cloud Going Mainstream
- The Benefits of Co-Location
- The evolution of videoconferencing
- The Swan Effect
- Chuffed and Humbled!
- ISDN Conversion Battleground