Security Holes Make VOIP a Risky Business

By Jim Louderback  |  Posted 2004-05-12

Security Holes Make VOIP a Risky Business

Its the latest technology craze. Turn your phones digital, and use the Internet to bypass pricey long-distance providers. Individuals and businesses can slash phone costs by 50 percent or more, with little or no loss of quality.

But theres a very dark lining inside this silver cloud. VOIP (voice over IP) is just as vulnerable to hackers as other digital networking technologies. But its just far less protected—which can put your entire company at risk.

According to a prominent networking and security pal of mine—who wished to remain nameless—"SIP is a very weak protocol." It uses edge-style servers, similar to FTP, e-mail and HTTP, to initiate connections between users. According to my buddy, just as hackers have attacked those servers, theyre coming after VOIP too.

What sorts of vulnerabilities exist? Lets start with the basics. Because most VOIP traffic over the Internet is unencrypted, anyone with network access can listen in on conversations. That means Willy in the mailroom can overhear your CEO and HR director discuss the latest round of layoffs.

But thats just a start. Hackers can spoof SIP and IP addresses and hijack whole conversations. Imagine a phishing-style attack where your customer ends up talking to an organized crime syndicate in Russia masquerading as your telesales group. Your customers credit cards, personal information, maybe even Social Security number, gone in a flash.

Or what about denial of service? A hacker could easily flood your SIP server with bogus requests, making it impossible to send or receive calls. Or what about spamming a 4MB file to 4,000 phones? Or transmitting 500 bogus voice mail messages instantly? It can be done. Or imagine having your phone ring forever. You pick up, no answer, hang up, and it rings again. The only way to stop it is to remove the battery. Instant doorstop.

Want to find out if IP telephony is right for your company? Take this Baseline quiz.

Next page: Cost of mounting an attack.

Cost of an Attack

Sure, many of these problems exist with the current switched voice network. But whats different here is the cost of mounting an attack. Its like the difference between junk mail and spam. The cost of postage keeps you from receiving a truckload of junk mail each day, but spam is free—and thus overwhelming.

VOIP is simply streaming e-mail. Traceable, expensive attacks using POTS are anonymous and free over VOIP.

Compared with the world of data, where a mature security infrastructure has evolved—with AV research labs, firewalls and appliances, VOIP is as vulnerable as a mail-order bride.

Even worse, our voice expectations are so much higher than with data. Weve come to expect that e-mail and networks will go down occasionally. But phones are inviolate. Business expects a 99.9999 percent uptime for voice networks.

Is VOIP reaching the "tipping point"? Find out here.

Do others agree that VOIP poses a huge security problem? Based on my informal survey at NetWorld+Interop, yes. Brian Burch, the chief marketing officer of conferencing vendor Raindance, agreed. He was careful, though, to make a distinction between voice over the Internet, and IP-based voice over a secure private network.

Raindance is about to launch an IP version of its popular voice conferencing system, but only over a secure and isolated network. Does Raindance think Internet-based voice is safe? "No, we do not," Burch replied emphatically. "There are not enough layers of security yet."

Next page: MCI builds in safeguards.

MCI Safeguards

Kurt Jarvis, a technical engineer at MCI, agreed. However, he pointed to safeguards built into his companys Advantage VOIP product as protection enough. MCI uses SIPs digest authentication mechanism for hiding the user credentials as well as an expiring nonce in the challenge, which makes a replay attack more difficult.

A denial-of-service attack is "possible but unlikely," he claimed, and even if it happened, MCIs UUnet-based network would clamp down and terminate the attack within five minutes. Thats fine if youre traversing just MCIs network, but not so great if you cross a boundary.

Ian Grey, a product marketing manager at Foundry Networks, is also worried. "Its absolutely susceptible" to hacks, he said. But he doesnt think a downed IP-PBX is as critical a problem as it once was. "My CEO will just pick up his cellphone" if theres a problem, Grey said.

Sure, you can tell your CEO to use his cellphone, but what about customers? What will you do when hackers demolish your voice network? How will you bring your switchboard and call center back online?

Despite the assurances from MCI and Foundry, I see VOIP and SIP vulnerability as a huge problem. Without a robust security infrastructure, Internet-based voice traffic is vulnerable to all kinds of monkey business. Im a huge fan of VOIP, and I think itll change the world. But until we can protect those phones and servers from criminals, Id recommend caution.

That doesnt mean you cant save money with VOIP. Take a cue from Raindances Burch and make a clear distinction between public and private networks. IP-based voice should work just fine over your secure corporate network. Just beware. When your pristine voice packets touch the dirty net, all bets are off.

Editors Note: This story was updated to include more detailed information about MCIs authentication scheme.

Check out eWEEK.coms Server and Networking Center at for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

Rocket Fuel