There's no doubt that voice over IP (VoIP) is the future of telephony. What started as a rather cumbersome way for budget-conscious enthusiasts to talk to each other using their computers has now developed into something of much greater significance - IP telephony, a new way of delivering fully-featured phone services that promises big cost savings and opens the way for a whole new range of multimedia communication services.
The new technology promises significant benefits. Organisations save by eliminating the need to operate separate voice and data networks to connect their employees and facilities, for example. They can also improve their efficiency and flexibility. IP phones are not constrained by the need for a dedicated line back to an exchange. This removes the ties between phone numbers and the phones themselves - numbers can instead be allocated to people and associated with whichever phone the user chooses to log in to, wherever on the corporate network that might be. This not only makes flexible working much easier, it creates new opportunities when it comes to the allocation of work to employees. Where IP telephony is used, anyone can log in to take calls to the call centre, for example - not just those in the call centre itself.
Given that IP telephony is delivered using the same underlying technologies as the internet and corporate intranets, questions regarding security are inevitable - and fully justified. After all, computer systems have long been subject to attacks from hackers, spammers, fraudsters and others of malicious intent. And while firewalls, intrusion detection systems and antivirus/antispam software are an effective defence, they are not perfect. Some attacks will strike home, rendering computer systems useless or opening doors that thieves and fraudsters can exploit.
IP telephony is both the result and the victim of convergence. Made possible by the fusion of computing and communications technologies, it is a potential target for all the different kinds of attack that have faced computers and phone systems in the past.
Six top threats
Attacks will be conducted for a number of different reasons. The six below are likely to prove the most common.
Denial of service attacks
To reduce the quality of the phone service, potentially to the extent of preventing users from making and receiving calls.
How it works:
There are two main ways of denying access to IP telephony services.
If calls are routed through the public internet (as is the case for the services offered by Skype, Vonage and others as well as for BT Communicator and BT Broadband Voice) or across another network that shares capacity on a ‘first come, first served’ basis, interference can arise even from perfectly legitimate activities, such as downloading large files. Alternatively, an attacker can flood a target call manager, phone, or IP telephony infrastructure with spurious service requests or malformed data packets. These will either overload the systems and software completely, or significantly impede their ability to handle legitimate calls. Attacks on IP telephony systems may well exploit weaknesses in softphones and other equipment and software in a similar way.
Theft of service
To make phone calls at someone else's expense without their permission.
How it works:
This requires the ability to access or connect to an organisation's IP phone network or the theft of log on details for public services.
As is the case with conventional phone systems, anyone who is given access to an organisation's premises can use any phone that's working and enabled at the time. In addition, if an attacker can gain access, call routing software can be modified to grant callers to selected numbers access back into the public phone network - so-called dial-through fraud, which is on the increase.
With VoIP, opportunities for people to use phone services without permission can also result from inadequate network security, the connection of devices to a network without permission, and the infection of IP phones and softphones by software that modifies their behaviour.
Because the number of a phone is often defined when the user logs in, stolen user identification details can be used to charge calls to someone else's account.
To make money by manipulating phone usage and/or billing systems.
How it works:
As with conventional phone systems, opportunities exist for fraudsters to make money by calling premium-rate services. The principal difference is that, because VoIP is a computer technology, such services can be dialled automatically.
Alternatively, devices could be attached to an organisation's network without permission that then make frequent or prolonged calls to premium-rate numbers.
Fraudsters could also hack into billing systems, adjusting records in their favour.
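An added example, not part of the BT white paper: one way a defender could review call records for the premium-rate abuse described above, flagging devices that are missing from the asset inventory or that make frequent or prolonged premium-rate calls. The record layout, device names, numbers, the "09" prefix and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample call records: (device, dialled number, duration in seconds).
SAMPLE_CDRS = [
    ("ext-2001", "02079460000", 180),
    ("ext-2001", "09098790001", 60),
    ("ext-2002", "09098790002", 30),
    ("ext-2002", "0909 879 0002", 30),
    ("ext-2002", "09098790002", 30),
    ("ext-2003", "09098790003", 2400),
    ("unregistered-01", "+44 909 879 0004", 100),
    ("unregistered-01", "+44 909 879 0004", 100),
]
KNOWN_DEVICES = {"ext-2001", "ext-2002", "ext-2003"}  # assumed asset inventory
PREMIUM_PREFIXES = ("09",)     # assumption: UK-style premium-rate range
MAX_PREMIUM_CALLS = 2          # assumed threshold for "frequent"
MAX_PREMIUM_SECONDS = 1800     # assumed threshold for "prolonged"

def normalise(number):
    """Reduce a dialled string to national format so formatting cannot hide a prefix."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if number.strip().startswith("+44"):
        return "0" + digits[2:]
    if digits.startswith("0044"):
        return "0" + digits[4:]
    return digits

def find_premium_rate_abuse(cdrs, known_devices):
    """Return {device: [reasons]} for devices whose premium-rate usage needs review."""
    calls, seconds = defaultdict(int), defaultdict(int)
    for device, number, duration in cdrs:
        if normalise(number).startswith(PREMIUM_PREFIXES):
            calls[device] += 1
            seconds[device] += duration
    findings = {}
    for device in calls:
        reasons = []
        if device not in known_devices:
            reasons.append("unregistered device")
        if calls[device] > MAX_PREMIUM_CALLS:
            reasons.append("frequent")
        if seconds[device] > MAX_PREMIUM_SECONDS:
            reasons.append("prolonged")
        if reasons:
            findings[device] = reasons
    return findings

if __name__ == "__main__":
    for device, reasons in find_premium_rate_abuse(SAMPLE_CDRS, KNOWN_DEVICES).items():
        print(device, ", ".join(reasons))
```

A single short premium-rate call from a registered extension is not flagged, so the thresholds should be set against the organisation's own normal calling pattern.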
To cause inconvenience or offence.
How it works:
SPIT - Spam over Internet Telephony - can be thought of as a new, and potentially more disruptive, way for people to make nuisance calls.
Because VoIP is a data service, the rate at which voice messages can be sent is not limited by the number of lines the caller has available or the rate at which numbers can be dialled.
To listen in to calls or otherwise acquire confidential information.
How it works:
VOMIT is an acronym for Voice Over Misconfigured Internet Telephony. It is a technique that can be used when the data packets that make up phone calls are transmitted through a network that also carries data.
To trick someone into taking action that enables theft or fraud.
How it works:
In caller ID phishing, fraudsters fake the number of the calling phone, making it look as though a legitimate organisation - perhaps a bank - is making the call. This increases the chance that the called person will give away confidential information.
The significance of the various weaknesses and vulnerabilities depends on how VoIP is being used. IP phone services that operate over the public internet are more at risk than other applications of the technology, for example, but are often used to complement, rather than replace, other phone services. Private IP phone networks that operate within a single organisation are inherently better protected but, because they are the sole way of making calls, the costs and consequences of service failures are often orders of magnitude greater.
A growing number of services are available to allow people to make phone calls over the internet, typically taking advantage of unused capacity on the broadband link to a home or office. Examples are Skype, Vonage, BT Communicator and BT Broadband Talk.
Because the services all share network capacity with other traffic, calls will be subject to delay, interference and interruption from time to time, either as a result of legitimate peaks in demand or, say, if a denial of service attack is launched on the relevant service operator's infrastructure.
Wherever a computer or other programmable device is used to make calls, the potential for infection by viruses and malware (such as rogue diallers) exists. And whichever technique is used, there is the issue of enabling the data packets generated by phone calls to pass securely through PC, corporate and other firewalls. Some VoIP applications generate activity that's similar to hacking attempts and other attacks, for example, making it difficult to enable IP phone calls to pass through a firewall without weakening defences. For this reason, many organisations prohibit use of the IP telephony services that operate over the public internet.
The situation with regard to the use of VoIP to carry calls within organisations is somewhat different. Calls are typically received from the public telephone network using ‘standard’ lines or T1/E1 connections, and so on. They are converted into VoIP by a gateway and relayed on to specific IP phones using the organisation's private data network.
The isolation of the corporate IP telephony network from the public internet removes the need to enable calls to pass through externally facing firewalls and consequently reduces the risk of many forms of attack. However, even where logical network separation is used, some connections between the organisation's IP telephony infrastructure and its data network will remain. Such connections could be exploited by attackers who successfully breach the organisation's outer defences, and should therefore be minimised.
Over the coming years, operators will be using IP networks to replace their current public switched phone networks and older types of data networks. As a result, IP telephony will eventually become the dominant - potentially even the only - way of providing public phone services.
These new networks will, however, be more like current converged corporate voice and data networks than the public internet. The available capacity will be split to create a number of logically separate networks that will carry different types of traffic. Phone calls will therefore be kept separate from other types of traffic, notably internet traffic.
The way in which the 21st century networks operated by different companies will be interconnected to allow phone calls to flow around the world has yet to be fully defined but, with regard to security, these new public phone networks will effectively be private (i.e., owned and operated by one company), which will allow a high degree of security to be provided.
VoIP is no longer a new technology, with Gartner positioning it firmly on its way to the ‘plateau of productivity’ on its widely respected technology hype cycle. However, neither is it a mature technology. While it is used extensively in the corporate environment, for example, the adoption of public VoIP-based phone services is still limited.
In the UAE, the use of VoIP is limited to the country's two all-service telecoms providers - Etisalat and du. Last month internet cafes in the country that were permitting the use of web-based voice services were raided and fined.
This feature is extracted from a white paper by BT.