liGo NEWS

Is VoIP Able to Defend Against Attacks? Part II

However, despite of everything, there are still a number of inherent—if not exactly basic—frailties in today’s VoIP systems. Maintenance, for one, is a particular bone of contention. Any IT professional who has had to deal with the troubles and glitches of a VoIP system knows that this system can be weary, weary work. In some instances, work days come and go before a solution happens and the problem is finally fixed.

Not to mention the fact that cordless phones packing along integrated VoIP features, or specifically, VoIP DECT phones, may already be hacked into in much the same manner as PCs. VoIP—operating as Internet telephony—has left the door wide open for virus writers and online hackers.

The thought certainly sounds alarming. And unlike virus writers as well as hackers during days of old, this time e-offenders are playing for more than the chance to nab a bit of fame and glory in the process. Plain old notoriety is already old news. What they are starting to come after these days is hard cash. This is why any number of hackers into VoIP cordless phones or into PCs today will definitely have their eyes more on scoring heaps and piles of dimes and nickels rather than showing to their cyber-mates who the best e-hacker or e-virus-writer is.

Those with enough skills in the field will undoubtedly have a fine time in learning their way around how to best take advantage of VoIP cordless phones in order to launch targeted attacks against a person or firm on the other end of the line. And though measures are being in place to protect the privacy as well as integrity of VoIP users, at this point, there’s not much else to stop these e-experts from spreading online menace. For one, there are quite a considerable bevy of quandaries involved in the process of authenticating VoIP network users. This makes phishing phone calls via VoIP networks all the more possible, shares Cullen Jennings. Jennings is currently a distinguished engineer at Cisco.

“These sorts of attacks are largely things that existed in traditional phone systems as well. There are issues with being able to authorise. For instance, can someone phone a 900 number and not get caught?” states Jennings.

It’s a PC, Not a Phone

Even if corporate rates of VoIP adoption differ in a number of ways, the integration opportunities, when factoring in the technology’s security implications, in particular, definitely do not make for an ideal situation for companies. VoIP-capable telephones such as cordless phones with VoIP or VoIP IP telephones now operate more as small desktop computers. Thus, while companies already have to keep their eyes peeled for problems of authentication that were already touched on earlier, these businesses also have to find ways to work around exterior threats that are similar to what users of personal computers or laptops often find themselves confronted by. This includes denial-of-service attacks as well as phishing. Identity spoofing is also another possible complication, states Paul Simmonds, and becomes another merry addition to an already problematic mix. Simmonds is a member of the Jericho Forum’s board of management, which is an international IT security group.

“The problem is two-fold. The phones themselves are substantially more expensive because they’re are fully functioning computers. So the base phone itself is more expensive — OK, the exchange isn’t — and the replacement lifecycle is probably half of the time of a traditional phone network, because it obviously is more complex and more prone to failure,” he explains. “So it’s an interesting technology. What people don’t take into account is that this is a computer. You need to patch it.”