May 10th, 2005
Cyber Security Group: six reasons why VoIP is vulnerable
This morning, the Cyber Security Industry Alliance (CSIA) released a briefing that strongly presents the case for research and development activities to improve VoIP security.
The briefing lists several reasons why VoIP is insecure, as well as the meta-consequences of this insecurity.
Here, according to the CSIA, are why VoIP is vulnerable:
-
Because of VoIP’s processing demands, standard cyber security equipment and measures often do not protect VoIP. Instead, when measures are attempted they just result in packet delay - and poor voice quality.
-
Caller ID services, including those used by first-responder groups, can be bypassed by IP telephony.
-
IP telephony hubs can be hacked, and the information stored there can be revealed to unscrupulous people and organizations.
-
VoIP voice mail is vulnerable. Since voice mail messages are, in essence, computer files, these files can be hacked and then redistributed to unlimited numbers of users.
-
VoIP conversations can easily be recorded, duplicated and quickly distributed to unauthorized recipients.
-
VoIP over Wi-Fi is subject to interception by radio scanners.
Recommendations about how to fix these security flaws will be presented at the CSIA’s "Workshop on Securing Voice over IP; ‘Harmonizing Technology and Policy,’" to be held in Washington on June 1-2.
Because the report seeks to galvanize action on the part of lawmakers and policy makers, the location of the workshop is intentional.
Do you think the CSIA has a point? Or, to be more precise, six of them? Are some of their points more valid than others? Did they miss anything? TalkBack to us.
Russell Shaw is an enterprise computing journalist, analyst and author based in Portland, Oregon. See his full profile and disclosure of his industry affiliations.
