By Jane Plunkett
One of the sure signs that businesses and the general public are embracing Voice over Internet Protocol (VoIP) phone services is that the service is now the focus of pharming and other security attacks. One of the earliest VoIP threats identified, Caller ID spoofing, substitutes someone else’s Caller ID information as your own. And new VoIP security threats have been persistently gaining momentum week after week.
One of the sure signs that businesses and the general public are embracing Voice over Internet Protocol (VoIP) phone services is that the service is now the focus of pharming and other security attacks. One of the earliest VoIP threats identified, Caller ID spoofing, substitutes someone else’s Caller ID information as your own. And new VoIP security threats have been persistently gaining momentum week after week. But to ensure continued broad acceptance of IP telephony, security is crucial. The service is reportedly being targeted by online attackers, who have been known to eavesdrop on calls, deny customers access to their VoIP service and cause ‘clipping’ — or degraded service quality — on some accounts, said executives at Supercomm 2005, a major phone trade show, held recently in Chicago.VoIP’s security vulnerabilities could the massive potential of the service and threaten to derail the success of freely distributed VoIP software, which lets any internet connection also serve as a home or business phone line, industry analysts have predicted. About 7.5 million out of 200 million homes and offices in the US have tradedin their traditional phone lines for VoIP. But research firm Gartner predicts there could be as many as 25 million VoIP-connected homes by 2008. One of VoIP’s flaws is that it is inherently vulnerable to hackers because, like e-mail, VoIP calls find their way by locating an IP (Internet Protocol) address, a unique set of numbers assigned to each device connected to the Web. Yet while scores of commercial VoIP providers have quickly expanded to take advantage of the growing interest in the service, many have not implemented even basic security measures, such as encrypting phone calls.Time may be running out to completely contain VoIP security threats, according to analysts at Gartner, who predicted in January that it will be only two years before organised attacks begin on signaling networks, the portions of telephone networks that carry the routing instructions that ensure calls reach the right place.“Not surprisingly, as many VoIP operators rush to capture new business, hackers are rushing too — to explore and exploit ways to steal or disrupt these services,” Stephen Doty and Fred Hoffmann, two managers from BearingPoint consulting firm said in a recent report on the topic of VoIP.The light at the end of the tunnel for many VoIP service providers and equipment makers comes in the form of the recently formed VoIP Security Alliance, which was set up with the aim of generating public awareness and focus on best practices for security and privacy of internet telephony. The alliance claims to define security requirements across variety of VoIP deployments and address issues such as security-technology com-ponents, archi-tecture and network design, network management, and end-point access and authentication.