Security Holes Make VOIP a Risky Business

By Jim Louderback  |  Posted 2004-05-12 Print this article Print

Thinking of moving your phones to VOIP to save money? Better think again. Today's SIP and VOIP protocols are as vulnerable as an unpatched version of Windows XP.

Its the latest technology craze. Turn your phones digital, and use the Internet to bypass pricey long-distance providers. Individuals and businesses can slash phone costs by 50 percent or more, with little or no loss of quality. But theres a very dark lining inside this silver cloud. VOIP (voice over IP) is just as vulnerable to hackers as other digital networking technologies. But its just far less protected—which can put your entire company at risk. According to a prominent networking and security pal of mine—who wished to remain nameless—"SIP is a very weak protocol." It uses edge-style servers, similar to FTP, e-mail and HTTP, to initiate connections between users. According to my buddy, just as hackers have attacked those servers, theyre coming after VOIP too.
What sorts of vulnerabilities exist? Lets start with the basics. Because most VOIP traffic over the Internet is unencrypted, anyone with network access can listen in on conversations. That means Willy in the mailroom can overhear your CEO and HR director discuss the latest round of layoffs.
But thats just a start. Hackers can spoof SIP and IP addresses and hijack whole conversations. Imagine a phishing-style attack where your customer ends up talking to an organized crime syndicate in Russia masquerading as your telesales group. Your customers credit cards, personal information, maybe even Social Security number, gone in a flash. Or what about denial of service? A hacker could easily flood your SIP server with bogus requests, making it impossible to send or receive calls. Or what about spamming a 4MB file to 4,000 phones? Or transmitting 500 bogus voice mail messages instantly? It can be done. Or imagine having your phone ring forever. You pick up, no answer, hang up, and it rings again. The only way to stop it is to remove the battery. Instant doorstop. Want to find out if IP telephony is right for your company? Take this Baseline quiz. Next page: Cost of mounting an attack.

With more than 20 years experience in consulting, technology, computers and media, Jim Louderback has pioneered many significant new innovations.

While building computer systems for Fortune 100 companies in the '80s, Jim developed innovative client-server computing models, implementing some of the first successful LAN-based client-server systems. He also created a highly successful iterative development methodology uniquely suited to this new systems architecture.

As Lab Director at PC Week, Jim developed and refined the product review as an essential news story. He expanded the lab to California, and created significant competitive advantage for the leading IT weekly.

When he became editor-in-chief of Windows Sources in 1995, he inherited a magazine teetering on the brink of failure. In six short months, he turned the publication into a money-maker, by refocusing it entirely on the new Windows 95. Newsstand sales tripled, and his magazine won industry awards for excellence of design and content.

In 1997, Jim launched TechTV's content, creating and nurturing a highly successful mix of help, product information, news and entertainment. He appeared in numerous segments on the network, and hosted the enormously popular Fresh Gear show for three years.

In 1999, he developed the 'Best of CES' awards program in partnership with CEA, the parent company of the CES trade show. This innovative program, where new products were judged directly on the trade show floor, was a resounding success, and continues today.

In 2000, Jim began developing, a daily, live, 8 hour TechTV news program called TechLive. Called 'the CNBC of Technology,' TechLive delivered a daily day-long dose of market news, product information, technology reporting and CEO interviews. After its highly successful launch in April of 2001, Jim managed the entire organization, along with setting editorial direction for the balance of TechTV.

In the summer or 2002, Jim joined Ziff Davis Media to be Editor-In-Chief and Vice President of Media Properties, including, Microsoft Watch, and the websites for PC Magazine, eWeek and ZDM's gaming publications.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel