Make Sure You Know the VoIP Security Loopholes
Around a dozen WiFi VoIP handsets and deskphones have been scrutinised by top security experts, who say that security problems range from potential DoS attacks to more severe issues that allow “deep access” to the handset that lets a hacker read any sensitive information on the phone.
Such threats are inevitable. So where is the onus to prevent such problems? it has been posited that if we see practices like this grow as these devices as used more widely then the manufacturers will only have themselves to blame when the security backlash comes back to haunt them.
Voice over IP hacking is the contemporary version of war dialing - a strategy of automatically scanning telephone numbers using a modem, usually ringing every telephone number in a local area to find where computers or fax machines are available, then attempting to access them by guessing passwords.
Still there are precautions users can take to mitigate the risk. Here’s a list of WiFi VOIP security issues, and some useful ways to guard against them:
Multiple points of attack:
As the phones get more sophisticated, so could the points of entry for malicious attacks increase. Email, client Web browsers, Bluetooth, SMS, WiFi, media players, and image viewers could all give hackers a point of entry. Though users can use open-source as well as commercial tools to frequently test their phones and networks, they’ll ultimately have to rely on vendors to also do proactive testing on these devices.
Targeting phones in public environments:
One way of doing this is a Bluetooth scanner could be hidden at the entrance to a major public space and be used to steal user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.
Rogue access points:
Meanwhile at the office or on the road, customers will have to always be wary and scan for rogue access points. Unscrupulous individuals will set up access points to specifically target WiFi phones in the corporate space as well as at hotels and other places business people like to come together. Good device authentication and encryption can help provide protection here.
Targeted attacks:
Select attacks on specific voice-over-wireless networks could also be an issue, although perhaps one that the victims may try to downplay.
