Original URL: http://www.theregister.co.uk/2008/01/17/voip_security_2008/

2008 - the year VoIP gets hacked?

The drawbacks of IP everywhere

By Bill Ray

Posted in VoIP, 17th January 2008 12:49 GMT

With VoIP rapidly becoming a commodity feature in everything from TV set-top boxes to barcode scanners, Sipera's VIPER Lab predicts that 2008 will be the year it all goes pear-shaped - a prediction borne out by Cisco's first security fix of the year.

VIPER reckons that denial of service attacks and eavesdropping, using hacked computers, will start to become serious issues during 2008. Cisco's latest advisory warns their Unified Communications Manager has a buffer-overflow bug which would facilitate the former, and offers a downloadable fix. But as public IP networks become part of the telecommunications infrastructure, the potential for hackers to cause mayhem increases.

Microsoft Office Communications Server is, apparently, what the forward-looking hacker is currently reading up on. The potential of using unified communications for all sorts of fraud becomes easier when it's controlled from one place.

Fixed/Mobile convergence is also suggested as a security weakness, with telecos connecting their systems to IP networks but lacking the skills to maintain the security of such connections.

Of course, the solution to all these problems is to hire a company like Sipera (owners of the VIPER Lab) to help.

The growth of VoIP also provides criminals with easy access to disposable phone numbers, which they use, along with a sprinkling of social engineering, to entice people to hand over their credit card details.

That's a problem that even Sipera is unlikely to be able to help with. ®