With VoIP rapidly becoming a commodity feature in everything from TV set-top boxes to barcode scanners, Sipera's VIPER Lab predicts that 2008 will be the year it all goes pear-shaped - a prediction borne out by Cisco's first security fix of the year.

VIPER reckons that denial of service attacks and eavesdropping, using hacked computers, will start to become serious issues during 2008. Cisco's latest advisory warns their Unified Communications Manager has a buffer-overflow bug which would facilitate the former, and offers a downloadable fix. But as public IP networks become part of the telecommunications infrastructure, the potential for hackers to cause mayhem increases.

Microsoft Office Communications Server is, apparently, what the forward-looking hacker is currently reading up on. The potential of using unified communications for all sorts of fraud becomes easier when it's controlled from one place.

Fixed/Mobile convergence is also suggested as a security weakness, with telecos connecting their systems to IP networks but lacking the skills to maintain the security of such connections.

Of course, the solution to all these problems is to hire a company like Sipera (owners of the VIPER Lab) to help.

The growth of VoIP also provides criminals with easy access to disposable phone numbers, which they use, along with a sprinkling of social engineering, to entice people to hand over their credit card details.

That's a problem that even Sipera is unlikely to be able to help with. ®

Related stories

• Fugitive VOIP hacker cuffed in Mexico (11 February 2009)

  https://www.theregister.com/2009/02/11/fugitive_voip_hacker_arrested/

• UCSniff - VoIP eavesdropping made easy (30 September 2008)

  https://www.theregister.com/2008/09/30/voip_eavesdropping_tool/

• Disaster recovery bug hangs up Cisco comms kit (7 April 2008)

  https://www.theregister.com/2008/04/07/cisco_disaster_recovery_bug/

• Please don't call us, begs German VoIP phone outfit (13 March 2008)

  https://www.theregister.com/2008/03/13/dont_call_us/

• Cisco plugs VoIP malware loophole (15 February 2008)

  https://www.theregister.com/2008/02/15/cisco_voip_update/

• FBI rings warnings over VoIP phishing cons (21 January 2008)

  https://www.theregister.com/2008/01/21/fbi_vishing_warning/

• Skype blocks poison movie peril (18 January 2008)

  https://www.theregister.com/2008/01/18/skype_security_vuln/

• Motorola brings VoIP to the shop floor (17 January 2008)

  https://www.theregister.com/2008/01/17/moto_va50/

• Hackers graft Google Android onto hardware (11 January 2008)

  https://www.theregister.com/2008/01/11/google_android/

• Broadcom hooks up with Trolltech for Linux VoIP (10 January 2008)

  https://www.theregister.com/2008/01/10/trolltech_broadcom/

• Cambridge University dials up VoIP (8 January 2008)

  https://www.theregister.com/2008/01/08/cambridge_uni_voip/

• Philips sells set-top box biz to Pace (19 December 2007)

  https://www.theregister.com/2007/12/19/pace_buys_philips_stbs/

• Samsung's Wi-Fi VoIP mobile pops up on T-Mobile (10 December 2007)

  https://www.theregister.com/2007/12/10/tmobile_samsung_katalyst/