Germany’s Federal Office for Security in Information Technology (BSI)is warning businesses of potential security risks with VOIP (voice overInternet Protocol) technology in a study presented at the Systems ITexhibition and conference in Munich.The VoIPSEC report, released on Monday at the opening of Systems,appeared one day before Skype Technologies SA, one of the world’slargest providers of VOIP service, acknowledged critical flaws in itssoftware and urged users to upgrade to the latest version.In its report, BSI warns that although no spectacular attacks in thebusiness world have been reported yet, it’s only a matter of timebefore problems will emerge.The report lists 19 varieties of attacks on VOIP systems. These, inturn, can lead to a number of security threats, such as identity theft,data manipulation, transmission errors and incorrect billing. Also, VOIP opens the door to the various forms of malicious softwarewildly spreading in data networks, such as viruses, worms and Trojanhorses, according to the report.Authors of the VoIPSEC study urge companies to analyze where they planto implement VOIP, how crucial secure communication is to thatparticular business process and what level of security can be ensured.And although one of the biggest sales pitches of companies supplyingVOIP systems is convergence of voice and data networks, the authors arerecommending a separation of IP voice and IP data networks.” The study is available in German at: http://www.bsi.de/literat/studien/VoIP/index.htm.In a panel discussion at Systems, Manfred Fink, president of FinkSecurity, urged businesses to be careful of the current hypesurrounding VOIP. “Manufacturers are telling businesses how they cansave money by converging their voice and data networks,” he said. “ButIT managers should be aware that the money they may save in combiningtheir IP voice and data networks could be offset by the money they willneed to spend to make these networks secure.”Detlev Henze, a security expert in the IT security unit of the safetycontrol agency T? Rheinland Group, urged users to move “verycarefully” on deploying VOIP technology, especially on a global basis.”It’s best to start in small, closed user groups, and to work closelywith security experts who are aware of the many potential risksinvolved in VOIP,” he said. “This is a moving target.”The Systems event runs through Friday.By John Blau – IDG News Service (D?sseldorf Bureau) Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO Advanced Persistent Threats Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe