« »

Don’t be a victim with VoIP

Around eight WiFi VoIP handsets and deskphones have been put to the test by leading security professionals, who say that security problems range from potential denial-of-service attacks to more serious issues that allow “deep access” to the handset that lets a hacker get hold of any sensitive information on the phone.

Such threats are inevitable. So whose responsibility is it to forestall them? It has been suggested that if we see practices like this develop as these devices as used more widely then the manufacturers will only have themselves to blame when there’s a widespread attack.

Voice over IP hacking is the modern days version of war dialing – a method of automatically scanning telephone numbers using a modem, usually dialing all telephone number in surrounding area to find where computers or fax machines are available, then attempting to access them by guessing passwords.

Still there are precautions people can take to mitigate the risk. Here’s a list of WiFi VOIP security issues, and some effective ways to protect against them:

Multiple directions of attack:
As the VoIP phones get more sophisticated, so could the points of entry for malicious attacks increase. Email, client Web browsers, Bluetooth, SMS, WiFi, media players, and image viewers could all provide a window of opportunity for hackers. Though users can use open-source as well as commercial tools to regularly test their phones and networks, they’ll ultimately have to rely on vendors to also do effective testing on these VoIP devices.

Targeting phones in public environments:
For example a Bluetooth scanner could be concealed at the entrance to a major public space and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue access points:
Meanwhile at the office or on the road, customers will have to keep their guard up and scan for rogue access points. Unscrupulous individuals will set up access points to specifically target WiFi phones in the corporate space as well as at conferences and other places business people like to congregate. Decent device authentication and encryption can help provide protection here.

Specific attacks:
Select attacks on specific voice-over-wireless networks can also be an issue, albeit one that the victims may prefer to keep quiet.

Tell others These icons link to social bookmarking sites where readers can share and discover new web pages.
  • OnlyWire
  • Socialize-It
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Netscape
  • YahooMyWeb
  • Reddit
  • Slashdot
  • Ma.gnolia
  • RawSugar

This entry was posted on Sunday, October 12th, 2008 at 2:34 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.