VOIP & Telephony - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  VOIP & Telephony


Severe Vulnerabilities Are Possible in VOIP, Official Warns



 By: Wayne Rash
2005-04-05
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this VOIP & Telephony story.


Rate This Article:
Poor Best
A federal agency has researched a list of vulnerabilities unique to VOIP and is trying to find ways to combat them.

Dr. Shashi Phoha, director of the Information Technology Laboratory at the National Institute of Standards and Technology, said she thinks that the growth of VOIP technology brings with it some significant risks that users need to be prepared to address.

"The vulnerabilities are severe," she said, pointing to a list that included ways to spoof or spy that arent easily available on regular phones.

One of the biggest sources for vulnerabilities is the involvement of personal computers in creating VOIP solutions.

She said that while it may not appear to be that critical, the fact that it can be relatively easy to hack into computers can also expose the phone system to fraud and abuse.

Resource Library:
Phohas list went on to address the availability of open source eavesdropping tools, that digital phone calls could be edited by digital voice editors to add, remove or change words without any possibility of detection.

She also said that the government was worried that it would be relatively easy with VOIP phones to bug a room using on-hook audio.

This is a technique in which hackers or spies can turn on the microphone in a VOIP handset while it remains on its cradle.

This way, the phone would appear to be operating properly while actually transmitting every sound within its range to a remote site.

Other things that keep Phoha worried, she says, are the vulnerabilities related to soft phones, which are applications that work like phones, but are entirely software and are run on personal computers.

She said that these phones are vulnerable to worms, viruses and Trojan horses, and could spread these problems throughout the voice network.

A related problem, SPIT (spam over Internet telephony) could make its appearance at any time, she said.

Click here to read more about spam and other threats facing VOIP.

She says that what worries her the most, however, are "attacks we havent thought of yet."

Phoha made her remarks at a panel discussing VOIP held at the National Press Club on Monday.

To read more about a panel of communications executives seeking a VOIP standard, click here.

Phoha said that its possible to combat some of the threats her organization is finding by careful design and risk analysis.

She said that risk can also be reduced by using encryption of the voice traffic, and by using VOIP-specific intrusion detection systems and firewalls.

She also advocated keeping data traffic and VOIP on logically separate networks. She noted that her group is also working to develop new security architectures for use by the government, but that commercial and private users should also consider following the NIST recommendations, which are available on the agencys Web site.

Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.



  Reader Comments: Severe Vulnerabilities Are Possible in VOIP, Official Warns
>>> Be the FIRST to comment on this article!
 

 
 
>>> More VOIP & Telephony Articles          >>> More By Wayne Rash
 


x}r۸j9km"u)%rx2uT IS$I2s'ˮO7$lS%lݍFΛ$;arsݙc }{Τ.? ߛF0mRo2rBeIG6 !%H}8KKQ;iEacoA g&4ob QR/F<w[hb| ~ya_*U;a=@SѠ*v25v>6^;4 ȅ3z$aPr&NwwR 205ERZ [XdTj ӑc)u8r tuur<Z@J53f,!\RM`^<eE4f™EQJ,GD~6t.nC㳣n;l,a^WU2Z]鬘ȏwNժ{yһ59|w GlD  Wh6 NZVlo!af; dP[w8LwF/) ?:d[WλǤ MXO'׳90dio,Y\H!)M|Y|ěE#0 i4(=m8oX@/@ש] A7WtBmT3o`2 f4.ͻfh- @ho*KjLrM&@Sk~$M5ņ])!edJ-UIK _^PB5)\D7h+ԜTwTJ7#DD vxr!DKI 88c^IR.S4mpq Zo͉֗*]X_uujZlE?´R¥w9ui>\wNHw᧋N~ׁ)WC EhYf7-vI9QMmsQc1x*Ԭ4+bi_)b(7Z`Lm,5,Ltͭy0`贉;mF_{g0HP? M/6G˥uf>5 @ L^a p|gk-v1s a {>0sF}YPD5״ l"v|scм`yna23fCF{7t$4,/G`\@Z8`$8ʼE ]qksB7}`4F&QcSB\jJodN˕ }"@\ "D% T h4AZGEENmb$OHXVVppV7ݞH:w&PVs㙰ZI٣XB YX/_23CCɴX9{DMfT`B[ụLKak Sn,`oV*CUݯ5!Mz:㱩yD == 3ܴ ҆%Ll;9?f!1s WQ': x9o@CEw;Jz0aEiŬ9g߃)9 i%&B~`Z&4$ 7uGYu-EN\#ouKf{aM9+owzjré&9|Y;eڷSKZЛvs9n(!+hWY 2gdRUY 9: V֌OZZbڞZZ=""ǰP3>p(^HIRЙj!@9z٧l)s-YVk͒Zfv/KƠZ_/ B[+( MrL%q ̠eeLGuK-eRkò=2Pc62&CInQy{8dO1>7l`(`RTȥjS#Sad$֨%Obs˖@@@whJ 9?؊- ij>::ȃX點vo푛ı3 mTϣ )a!w1N(6E߰ TXzRJCIlbs(zq X0b=I{t9pJq暚:/ aOlKs7s<'uC8` ;DۃSh2F,ñiH5ߴiF+UUf-03H kRYQb?&i?怚H|A2,exY.=mQr)'j9YIv]j)UrahxhS̢©9j1|J 0&B$cǛřZayeoX};5Xh[pY;~& 6AkdfD ˦;ǙXT+pzNT%>5  dj>'do+:#Xu~H>Lb2hp \@E.br>+:WT07pn@ARԒ.ZE^q~ VKIhlT{BS7ߏ90gted- I(zr5E+J^9 _|}s8]et4R:1p&k}TJFYa߯y+5 (L50 ȈG׾#vpTOP>)fOLg29k+4C 㔁z3MdhHhwh_/_Qm(}nL:̺>~WGñ̍"9E];7WVR=>` $Ti( g AūG:aˤW6n&00"4yP?OG]Qj? 1F)W|փ3+le9L lLz_AFp%tb=M#X]WD$wm>Us7ѱtN{|?եsg8X$ΌdvY(7ϰU2 )E-0fE-vf}Xi̋z l䘇%b "8&K8.h!2"G-!XMQ\7@aOo[\jV+ {259p\Semi[}6^-=y4*sfDUJCjMa10r6f98$۳ WLdSd*Xe0LvZ_jAqfZ\j(C=(*\,J\SG~N<͠1pS A,^;M$節e:T'7mFr^+RBЛgQ!Jp]FEmR…3%!2hs)sp:'S6PFͧzje!wI#̸yF0×wgo@@lB-5bIw :ۗv¼u[~$vg#XvIW4c VS#f}E9MmHjQƳ$P` ۗ"%8M=JϸaOŏ;_7Ԍ!0F_4IZEU+Uz^+#0 0 pu ( ZAݣ, "d0ZT/~8L3Az *vBs:c-| S nh*mK Rٟ: ɖByK(ڊ xϰLty'5V131мՇݽ](>L п$}QLMXWOt@~5}qy V̶IRzgQW Mdpv@*۪=]Es1`^}cW~w]ab>$gAt~}oT݇TЇߤIR=$xyD^upC-tP2e'A)hQ:ZnW*۫Ita؆;0F@{IDWzABh_^/~{4!9^vdcxޕx\MC~x}}wy|U4#$y}{hqZ&I:D)t_6Q}F @I˸O:לY0vx!|B3HUe! z EM3hLٞ͟;+^+,kK ̀o$CdxT:,׀zB*q_?E:Ky=t6P^SJQW"REh%M |FN:ǽ6g <@69NxYɉ >}+i T t~nN1ў`m %cAd+F+9eI'ݏwGHy >w8/g`!IB^9o "HtSkԛ25 &rޚSHZFc}OӆO|AB[ATw*փdʅ$-zfeۺfIlx0cRI锐']8 z>RB'ՌI"8IUF4A2uIH?Md0XPWdht4lAW jÚmf /.^ۺm|`FXn\f0َ`q0É@P V-Mz}h_ﯣ&=)ǣAlΜh5hbJojn5K=hK_|?vOJwҽ{c;ᧅmE4 7t33TT;I6$BE-:ɾ\EVd.tٗKs|<031@7Yu (f^#zi16R354|C1B~o~<ˤaW]g{*){7wﰧ]VZtC.qF1n&Vd/.%E M OKt1ڬ/ۥ{HvV !bi4V3XT8Vc"M~q*8N_VRq^-NK8E$܅N#?ϓG4,A0X [rx=ձYffUUkEbS#5@5~2[.bեr@ ${drE]0qtRvGc$qPKa}h>r_eP?sI%( 9b=@C쨥\T "rUW-)^'Ov8޽I2cR:c>0=4<.T79|ǀK0$:IC%RYTi='fcS,kb-cO0A>&-mz3Ta*y@&B oߞ{]ڠҖRIjuS^|ic/}[<w:H` O=gF+knG6JMa$&< leٹou>}'R\۫6)V_]!b;ϵ/$BoQ+J:lߨZ0$A=XVS_5L:Gv4cS>W)|#YGYm'$(zk[ZC*U$)_3 :K*.O'&8L0:osneTj5B԰G$Hb,g*i̾1{D~0%ؐ/p_3|D8/,ZC/=߽v !8,)RÉ}G7FRr&ғ- < gxoCpH  3UB8s[ԘPL/B=CkW6s]8mq{ԖX fNwqXD#1,!T Iv娳W[6sDzDSTǚ=Jy5xY2Gbx<0 h@֓_ݐ^sz3ܤ`!ܘtMDoa1IN``1Tz\Y`*n"n8 'wcJ&!H|1h_^!!"@kr3icf/"[_0ϑ7,}t@;2JWw٦K>,c$|+}`bj^ X $>.t ;WcNXiz> 9yvxrg *knx3>;>Xx_<.>X6~1 og{,Lzۓ7\?$}< SSSS;E렊qh־TJ]qtݵcd[ t[``F@ !8(A8='!/ɸ1ڛڴkF-eδ;#?`f8ɯ=7%|5ƍzdC<#Z[K{#4oz״IG&ŗ= ~[7!-Zd*:tp$0;l0('샵;4^^aW\N̢/ KoutmLK7Tx F1t` qmrEmmnB+(nKS)I)|3Svﰗ#gHY,۴; SJc)90߾f &SHzK_ڏt>0oc&ԸZ.`5!u-, 2}I ;fC63U0 I&0IhAT0zybtzqZO7fOdgVhl|g]R'ev \ţ!{61E_}}<\Yt83MA(Abd;"tymn$z?^b+@MU7-0V@EQ*f򽧹. f濍=:sR2y,3澯Wbp,ȉyf{c ~P2L3@84ƗY'2rC$II^*/1"*ΘhV-P2a"DKopBD`&&vExYoqxd0|ju̪3.Ne-£E^iOm,~VxrFMvk ˎX= I37^H2~X3LM?C"CYl Lqìf0uۿP}d됷1VSs_2US Qȟ?D ñw{LOaR-L:'7f "EJo %x8n } {{[ܸ$Y]%"_vȏ;"lAJz]kN9- ͩ+2n?]>G\(t`qYwPVb!MT#|+IAw_[ TeQONtD:`w5%012~bbPJB)hٽH? ,q(Ds)?2n.kVAXz-7D9DNE0V)72vEa:`8(ĒAuc{ h#8\iLʃx3ZB=̛sj4Kb4BM;v*Ҍ>&ƘKjx Z/+%>% Zk^Yj+ȈZ~j\!1cuTA95Qj5]RU BI? kZj>Amo<)fFmz^C `5vX5ĮZVںq yK-y-J4sS%'0Y}i9uOy\EG8ac)`]8۳G2Wn-&~iXv>H'*t=jh D~դJ xHfF^C\*Z]퐿0|C-FEyKDką9;q'}\pYXO:Rga^1`^r¼y#?R!}X2; sϸ\dI>HP-$6೰y qG `- `\ c=jFHƒ6jWC%h~{{i*1~HD`ceĞP>933vl"mn)Fj5BX-B}F}gz}1~"js~ s1FʒlfmmUQ 6Rۅ]aiJ %0Grٚmj{6A`: ᤅ#F¯fQi^߈fFܞVk5|Tbtb 1#ZKHx %Mv 4ƿN< EOM(<Đ'd 3pS C7R<6$Aeȃ5T?0м )Fiab+;Yא5 /UPĻ8AHipo2zU.{Z}M"?{|zـjEl~e:td~NP_ԓG )׀gU"Ba=X *>IoHH(tHQkXB͓VyM3taCt樯Md=׸XtowMVQh0(vQ; CO 2ë1lV"?‰>`yUֽ?#7L>OY \Zs4cQ[ٹy}/ʘIݽa?ÈGs{#\Z"cR1@Q>~3&IBE< ,i  YC) Q?Ϥ;n#rxL1fH'i͈֜ iu8 Z_jt/:O0[? T6CĊ1gGiX$_@1S|XP؟?pk2'H0Znn`:x(Jc- .E.[q{4笠+ۤ m>A5KqjldaQ^*G71<` ?vG`!us x\jH^$Ѕ:y,@#!9ω˙陡wH_P!bޥR/U'I(a !2,=VjH|Kwy }$fMUq VH+^@0Y3%5{$͈u0!XV9]69tHQ{5.Qw} HG٪;GOǽOurPhxR6ϵM&E`<ejE)sC9,jO6W#\kpxixɎ(ah,.6DAwpRf}Y QJmÀnjJO!~Ԋkm85g5>;ٙKLU&Z֖Ӧ?huRBjs$ )ns9e MjV}Q}xS_Cuvq8Sރ^N9r hp)?Si}A(]~-κݓB{S3˜r7~N'(]~s_V9s_/}/r{ȡE^^'ecNS~909{ s#?0~9׃r?=/rqWU?99~A ~_?}ᯏP1G@M^9M@79_ry9r־…۩VQNy:j EurXB]Cy><_`k W9t _s̭LߺWǽBX\Jzp+W^vfieq  Yݩ;yУx߅ oBg}=xC//M>كk ҹl:=5쓥=M}ςoDB$p G`%a/xI\cUx ;wM-= fhNh{km ?LCꖉ#MRp#VQՊRJ^ ?'Hd6=#"(te7)R]N-Ukj0X\^9Q(Fuoo*F0fE=q'a1Vo1BDO"׏ щw(FSdWe(,$ unQKpR+x;J(q X ~Y$P*`!I֞:^G$ rfgMߟ(iǤi!#lɒ41lK桭u̿6Ӊ.H&KфY"D۸xl466;Dô)9P3l1@Й zd2Ldp!gB-ZыtK@aDK3$!-7Lj1bPU*Wy)"9<'$}S'V 1>r瑅adAkf2t}9M45~ɑ (W kEF(t#bÝPnl@P_|݆uO|Fಓ_iy&bb P|_A^λbEa"qz0q?K+_yl x Qh/I';-Xy 0r['Sr21qV@UmÈk# 1,{ԟ1H EY/j5:Z-5,l$9=ASh4ϛW5EX!% 9wr\L籽$0\d~̲vUScO@Kx.^| PgO_Ė9"Qo Q@EikA/?H3ۉzKFvޒۍƾ( ;><=صb4#UI;.~;IT0(JҍHqp/>~؆L0wK{͓:m?'6}F5+J "@"dԴ٥[˖0 m+#8B<ؾlQ޺%׸62<>biЀΧYp멎m,U|J6A1^6ك|2h}́!Xs#Q%7` <{,j;ܨNaEVb0yM&p ?dt;bSp?>pE5g2QTD )ۉYb$sLw99 3/&U@DqDgPvy566s֨`^|˼+AѾXm0w>L/#=Z$:+$~Il=bu;-Wrcd+{f:PEXl+!Rѽ+Ke$Vi؅kE6<:=܈Xx5ƽfb,JYs݁N ֹٝ˶E=bYF.DmkhT[ѩYy˷T \7gLTVc׶2TLx뤝9-g *χŀ[g_qxC'>fkpxur!}đ׈,,$[Z']Z!Ya4,Lb9"[^QI(VZжX3e3}"@a)5zdɄn~3 f<˜4W6AĶqy4ʱL˱>S>*5 3 .^32-Y ^cdKX$֬LE")w1GN= _5>g~C{%z1~X0~v1/渲Y>e5rŤ3a=`>^}.<((`F,&𑛜CAؚBTfƲ 7cP!Xd-n&oB@S .xBG,ɋ|P byx ^ŧ$FS?xD'W#.rW<a%P?tYkh?Yir /xH%H=C= ɳaF['O(QF}w68XQ|;]`gdi-/=jwpy"-Gӻ>A0|U{.Y uM+_1ZF-<#@FSQkj=Nbj|ۊX#iQgrYOKFylwN~늘p6JL? ۔9MR"GZi/%!zR4fr0>_v=,Mӝ/2a-d4džHkckjX,Q(