• United States



by Paul Kerstein

VOIP Security Woes Listed

Oct 31, 20052 mins
CSO and CISOData and Information Security

The Voice over IP Security Alliance (VOIPSA) has published a list ofsecurity problems that could derail IP telephony’s expansion.

These turn out to be remarkably similar to the hassles of using aconventional PSTN phones, but with added woes that come from runningcalls across the Internet.

Topping the industry body’s list are more familiar issues such asprivacy and eavesdropping, harassment by phone, premium rate abuse, andhijacking of service, all of which remain to be tackled by the industry.

Customers used to the PSTN might not, however, be as acquainted withother threats that will arrive with the technology. These include VOIPspam, caller-ID impersonation, denial of service attacks,authentication and complex ID fraud.

As to denial of service attacks specifically, the report lists eightmethods by which this can be initiated, which brings home the pointthat the VOIP world will have more in common with that of computingthan that of the telephone networks people have become used to.

And these are only the top-level security issues. Calls can also be”black holed,” or terminated unexpectedly, rerouted, and degraded. Aswell as interfering with quality of service they will also makepossible further security threats such as call impersonation.

“The overall goal of to help drive VOIP security awareness in thepress, industry and public,” say the reports authors, which comprisedengineers from a range of VOIP industry vendors.

“While some early press accounts focused on potential VOIP spam andVOIP call hijacking, the consensus of learning from this project isthat there are many other threats more prevalent risks includingeconomic threats from deceptive practices, malware, and denial ofservice,” the report states.

John E. Dunn,