Tuesday, February 13, 2007

Why VoIP is vulnerable

VoIP is simply data transmitted in digital packet form. This means it can be attacked, hacked, intercepted, manipulated, re-routed and degraded just like packets on the data network. All of the maladies of the data network -- viruses, worms, trojan, DoS attacks and hijacking -- are possible on the VoIP network.

...examples of potential VoIP attacks:
· Toll Fraud/Service Theft -- This will likely be the most common attack in the early stages of VoIP, where an unauthorized user gains access to the VoIP network by mimicking an authorized user or seizing control of an IP phone and initiating outbound long distance calls.

· Eavesdropping -- VoIP services measurement and troubleshooting software makes eavesdropping on a packetized voice calls relatively easy.

· Phishing -- The same techniques used to steal identity information over email are being used over VoIP. Criminals spoof caller identification information so it looks like the call is coming from a legitimate organization and then ask the call recipient for identity information. (more)