VoIP’s Biggest Threat: Security

By | February 7, 2005

The VoIP Security Alliance (VoIPSA)has released a report on the state of Voice over IP (VoIP) and the challenges it faces. At the top of the list is the issue of security – if hackers can attack the very calls we make, they may have the leverage necessary to do serious damage.

The VoIPSA is a group of more than 20 technology companies and security research bodies dedicated to uncovering security problems and promoting ways to reduce the risk of attack.

The alliance includes companies like 3Com Corp., Alcatel SA, Avaya Inc., Siemens AG, Symantec Corp. and Ernst & Young LLP, the National Institute of Standards and Technology (a U.S. federal agency), the SANS Institute, a research organization for network administrators and computer-security professionals, and several universities will also be members. Comcast Corp. and Qwest Communications International Inc. are also expected to participate.

“VoIP inherits the traditional cyberthreats that data networks face today, and it faces additional threats because of the nature of voice communications,” says VoIP Security Alliance chairman David Endler, who is the director of digital vaccine at TippingPoint Technologies Inc., the security arm of networking vendor 3Com Corp. “We predict that in the next year or two we will see more VoIP-specific attacks.”

The ultimate goal of the group is to work towards making the VoIP protocol as safe and reliable as the telephone service. Few doubt that eventually VoIP will be the way all communication transpires. The very fact that it is digital and managed by computers means it is easier – and less costly – for businesses and home users to utilize.

The issue is that it opens up the same security nightmares prevalent on the Internet as a whole. Concerns over privacy issues, hacking and service disruptions – not to mention call hijacking, eavesdropping and identity theft – are very real, if only in the theoretical arenas.

“VoIP has a lot of great value propositions, but in order for it to be successful, it has to be secured” and offer service quality that´s on par with the current phone system, says David Endler, chair of the alliance and an executive at TippingPoint, a security company that was recently acquired by 3Com.

For now, users are largely safe. The hope is that the protocol will be able to be secured before hackers develop fast and dangerous tools to do serious damage – something which hasn’t yet been documented.

Leave a Reply