2008 - the year VoIP gets hacked?
Print storyThe drawbacks of IP everywhere
Posted in VoIP, 17th January 2008 12:49 GMT
See what The Register's experts have to say on application security
With VoIP rapidly becoming a commodity feature in everything from TV set-top boxes to barcode scanners, Sipera's VIPER Lab predicts that 2008 will be the year it all goes pear-shaped - a prediction borne out by Cisco's first security fix of the year.
VIPER reckons that denial of service attacks and eavesdropping, using hacked computers, will start to become serious issues during 2008. Cisco's latest advisory warns their Unified Communications Manager has a buffer-overflow bug which would facilitate the former, and offers a downloadable fix. But as public IP networks become part of the telecommunications infrastructure, the potential for hackers to cause mayhem increases.
Microsoft Office Communications Server is, apparently, what the forward-looking hacker is currently reading up on. The potential of using unified communications for all sorts of fraud becomes easier when it's controlled from one place.
Fixed/Mobile convergence is also suggested as a security weakness, with telecos connecting their systems to IP networks but lacking the skills to maintain the security of such connections.
Of course, the solution to all these problems is to hire a company like Sipera (owners of the VIPER Lab) to help.
The growth of VoIP also provides criminals with easy access to disposable phone numbers, which they use, along with a sprinkling of social engineering, to entice people to hand over their credit card details.
That's a problem that even Sipera is unlikely to be able to help with. ®
The future of SaaS and IT infrastructure management
Should your email live in the cloud: a comparative cost analysis
Hosted security IT manager's guide
Jump start your Application Security initiatives
Securing your Apache web server with a Thawte digital certificate
Win a Samsung C6625!
Is your cameraphone an oxymoron?
Windows 7, Bing and security: Mr Ballmer regrets
Sign up, sign up for The Register IT security newsletter