VoIP Hacking – Security Issues Raised

A man in the US is said to have made $1m after hacking into broadband phone companies and selling calls over their networks. Internet calls seem to be ripe for criminal attacks.

Managed telephony vendor, Voice4IP says VoIP networks use the same technology for connection as any other network connected device and require the same procedures to be implemented to ensure that they are secure. Hackers will use the same tried and tested techniques of breaking into server systems when they turn their attention to VoIP systems and so it is imperative that security is at the forefront of any VoIP system design.

Security needs to be seen in the context of current telephony infrastructure – which is neither secure nor resilient – because people are comfortable with it they don’t realise the issues. Existing analogue infrastructure including the local exchanges are potentially very vulnerable to attack – simply by cutting the cable or clipping into it to either listen into calls or use other peoples lines without incurring costs. The difference here is that people have to physically go there – with IP comes the possibility to do this remotely.

The vendor responsibility here lies in providing and managing a secure VoIP system that addresses all security fears. Advising a company right at the start as to what the key security measures that companies should follow, such as encrypting voice traffic, running it over a VPN, making sure firewalls are properly configured, and choosing a provider where you don’t have to completely overhaul your firewall configuration.