Feeds

VoIP - open season for hackers

7 out of 10 calls vulnerable to attack

The Power of One eBook: Top reasons to choose HP BladeSystem

Sensitive data sent using VoIP is vulnerable to attack because call centres are failing to secure their networks robustly enough, according to new research.

Customers' private details could be easily hacked into using the wiretapping method with a staggering 7 out of 10 calls open to attack, said security company Scanit, which audited data transfer at various busy call centres and service providers.

It found lax security for networks at call centres which deal with thousands of calls from around the world and was able to pick up data that included tone-dial PIN numbers used to access phone banking services.

Research also revealed that many companies were left vulnerable to attack because of common-held assumptions that security measures had already been put in place by VoIP vendors on the network.

"Administrators at these places lacked adequate skills and understanding of the security aspects of setting a VoIP network up. They relied on the vendor or system integrator to secure it," said Scanit engineer Sheran Gunasekera.

He also said that "many networks were even running VoIP without encryption."

The research also pointed to the availibility of simple to use free software that can be easily downloaded and installed to pick up unprotected conversations and Gunasekera warned that "one program, called WireShark, detects VoIP calls as they traverse a network, while another, Cain & Abel, records them onto a hard drive, like an MP3."

Selling personal details is increasingly becoming a lucrative business with call staff being offered up to £5 to dish out private data, as a result the researchers conclude that companies should sit up and listen to legitimate security concerns regarding VoIP networks or face severe consequences.

Read morehere.

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.