Experts say there's been very few VOIP-specific attacks to date, but they expect that to change as VOIP ramps up.
The next target hackers may turn their attention to is voice over IP, as it
is increasingly viewed as a killer application.
To date few hacks of VOIP systems have been publicized, although a handful
have been targeted at consumer VOIP services from the likes of Skype and
Vonage. Luckily, enterprises that have installed VOIP systems with security as
an afterthought have seen few attempts to compromise the technology.
"That's been a big bogeyman, but we take great care in securing our
networks from any threats, and we did that before we put voice on our network,"
said Dave Duchaj, senior vice president
of Information Technology Services at First American Bank.
For more on securing VOIP systems, click here.
Which is not to say that vulnerabilities don't exist in enterprise VOIP
"You'll see vulnerabilities, but we don't see lot of evidence of real
attacks-yet," said Mark Collier, chief technology officer of SecureLogix, a
San Antonio-based company that performs security assessments for enterprises.
"We've been brought in a couple of times when people have had real
attacks, but they are pretty uncommon," added Collier, co-author of the
book "Hacking VOIP Exposed: Voice over IP Security Secrets and Solutions."
As enterprises come to rely more heavily on VOIP for their business
communications, it's only a matter of time before such attacks gain steam,
believes Dave Endler, director of research at 3Com's Tipping Point unit in Austin,
Texas, and co-author of "Hacking VOIP
"There have been more vulnerabilities discovered over the last year
than in previous years. We're seeing more issues being found and fixed by
vendors. It is becoming an attractive target," said Endler.