A new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats such as caller ID spoofing, voice modifiers, SPIT (voicemail spam) and packet injections. With VoIP now poised to hit the business market in a big way, ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identify theft and loss of sensitive information.
With a combination of caller ID spoofing and freely available voice modification software, it is relatively easy to pose convincingly as someone else, similar to website spoofing and phishing. But ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet. SPIT - spam over Internet telephony - could become a huge problem for companies. This could range from staff wasting time clearing unwanted voicemail messages to a total loss of service.
Other VoIP security issues highlighted in the report range from redirection of calls and packet injections where words are inserted into the data stream mid -conversation to the interception of sensitive voice traffic in transit and theft of VoIP bandwidth.
In surveying ISF members to research the report, concerns were also expressed that as VoIP becomes more popular, organized criminals will turn their attention to sabotaging businesses by disabling phone systems through DoS attacks or spreading malicious viruses or worms. The problems of poor quality transmission and loss of service are gradually being overcome, which is expected to lead to more widespread adoption and reliance on VoIP in the future. This trend is also being driven by cost savings, improved functionality, ease of access and low cost of entry.
"Although VoIP is being increasingly used in the home environment, most businesses are still reliant on the Public Switch Telephone Network," said Nick Frost, Consultant at the ISF. "We take it for granted but it is extremely resilient, something that VoIP can not currently deliver. But it is inevitable that eventually VoIP will take over as the voice service of choice, bringing with it these additional new security risks."
The Information Security Forum was founded in 1989 and is a not-for-profit international association of over 270 leading organizations which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. ISF undertakes a leading-edge research program and has invested more than $100 million to create a library of over 200 authoritative reports that are available free of charge to members.
For more visit www.securityforum.org.
© 2006 Telecom Reseller. All Rights Reserved.