Avaya & Nortel: Hackers to Attack VoIP within Two Years

Hackers will attack voice over IP (VoIP) telephone conversations with spam and malicious code within two years, equipment manufacturer Nortel has claimed.

Companies using VoIP and other multimedia services, such as videoconferencing, should plan to defend against unsolicited adverts appearing mid-conversation, the company said.

Reported elsewhere, Atul Bhatnager, VP of enterprise networks, said: “VoIP attacks are still at an early stage but as hackers become more savvy you’ll see similar things as on the data side; denial-of-service attacks or spam on VoIP.

“I would say this will occur in the next two years as adoption is increasing. This is the right time to put the defenses in place as the use of VoIP will be rigorous over the next two or three years. We’ve learned a lot of lessons on the data side which can be applied to the voice side.”

VoIP carries a call over a data network rather than only over a telephone provider’s traditional circuit-switched network. This can cut the cost of phone calls for businesses, which has made the technology attractive to some.

But questions around the security of VoIP remain unanswered. Bhatnager said that deep-packet inspection – a method of checking every IP packet entering a network for unusual properties, in much the same way airport security checks every passenger – is an essential part of protecting networks against VoIP attacks. “VoIP is not the only target for the future,” he added, “as videoconferencing over IP networks could be hijacked in the same way as voice and data services. VoIP is the first phase – video is right behind. You’ll be watching a video screen and all of a sudden it’s hijacked and you are watching an ad. If you can do it on data you can do it on VoIP. People will marry individual tastes and preferences and use it for intelligent spamming.”

Meanwhile, Nick Brasier at Avaya told Comms Business Magazine, “Security is already important today on TDM PBXs and key systems. Adding VoIP to these systems introduces additional security needs owing to the connection to a LAN, and not only will hacking be a threat in the future but it is also a consideration today, from standard LAN-based hacking or other security violations.”

With specific regard to his own products, Brasier added, “IP Office already has security built-in – in the form of password-secured access to applications and management, and encryption of key transactions. And being an IP-PBX, we have already built LAN-oriented security into IP Office, for example its built-in firewall and the built-in router.”

Brasier gave the following advice, “Customers should leverage the security built into products such as IP Office; they should also take advantage of existing specialist LAN-oriented security products, such as Denial of Service (DOS), Distributed Denial of Service (DDOS), Anti-Virus etc. There are many specialist companies which resellers can look to for additional standard LAN security products to meet their specific customers’ needs, which should typically be addressed everywhere that a company’s LAN interfaces to external & public communications services.”

He concluded, “In addition, VPN technologies can be used to secure any site-to-site communications security concerns, and also for remote and home access to the corporate communications infrastructure. IP Office includes support for VPN functionality, and in addition resellers & customers have the choice of using third party VPN solutions, as always tailoring the IP Office solution to the specific customer requirements.”