VoIP: It's Security Deja Vu All Over Again - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Applications
01:51 PM
Mitch Wagner
Mitch Wagner

VoIP: It's Security Deja Vu All Over Again

Our report on Voice over IP security hazards should send a chill through any business or consumer relying on the technology.

Our report on Voice over IP security hazards should send a chill through any business or consumer relying on the technology.The owner of two Miami VoIP companies was arrested recently and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. Prosecutors say Edward Pena was able to collect fees from customers while stealing the infrastructure from other companies. It was the electronic equivalent of eating at a restaurant and sticking somebody else with the check. But the victim companies were stuck paying for some big meal--they were charged more than $300,000 for connectivity to the Internet backbone.

Researchers at security companies describe how attackers might use VoIP to hijack calls made by customers to companies and trick customers into giving up their credit card numbers.

The VoIP Security Alliance warns that VoIP networks are susceptible to denial-of-service attacks the way IP networks are and traditional phone networks aren't. Unencrypted VoIP calls can easily be eavesdropped on. VOIPSA warns about spam over IP telephony (new acronym for your files: SPIT). And VoIP permits callers to easily change their Caller ID information, so criminals can identify themselves as being from legitimate companies and trick consumers into giving out credit card numbers and account numbers.

VOIPSA also provides tips on how to secure your VoIP network.

Security vendor Cloudmark warned in April about a scheme whereby grifters sent e-mail spam asking users to call a bank switchboard. The attackers used a computer and VoIP service to set up a voice line that sounded like the bank's normal voice-operated service.

So far, these attacks have been coming in at a trickle, by onesies and twosies. But longtime Internet users will remember that's how spam, phishing, and e-mail viruses started--a little at a time. Now we get hundreds of spam, phishing messages, and e-mail viruses every day, and these attacks have created huge problems on the Internet a couple of times. As VoIP grows more popular among both consumers and businesses, the threat has the potential to grow as large as e-mail-borne attacks.

Let's take precautions now so that the threat stays small.

What do you think? Are VoIP threats significant? What should we do about them?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll