Eavesdropping number one threat

Texas security firm Sipera has released its top five VoIP vulnerabilities for 2007 with eavesdropping of calls listed as the number one threat because it is so much easier to do than with traditional telephony. The related threat of VoIP hopping, whereby a PC is used to mimic a VoIP phone, also scored highly as a threat. "While VoIP and Unified Communication adoption continues to grow, there is unfortunately no corresponding level of VoIP security to comprehensively protect VoIP networks, phones, users and enterprise data," said Krishna Kurapati, Sipera CTO.

Other threats listed were: Vishing, the practice of VoIP phishing, which enables hackers to spoof caller ID and present a fraudulent phone identity; toll fraud, where unauthorized users access enterprise VoIP networks to make calls;  and the Skype worm which turns off the Skype activation in infected PC's.

Sipera VIPER Lab Leader Sachin Joglekar told FierceVoIP the list was not by order of prevalence, but rather impact and ease of exploitation. "Remote eavesdropping is a huge liability and security breach for most businesses, and is not that hard for hackers to do. VoIP Hopping goes hand in hand with remote eavesdropping, while again representing a major security breach for what-everyone-always-thought-to-be-secure VLANs."

For more:
- Sipera press release
- IT managers turn blind eye to VoIP security threats Report

Related articles:
- Sipera: Vonage, Globe7, Grandstream not secure Report 
- Cisco admits to VoIP eavesdropping Report