VOIP security woes listed

TechWorld.com - The Voice over IP Security Alliance has published a list of security problems that could derail IP telephony's expansion.

The list of problems is similar to the hassles of using a conventional PSTN (public switched telephone network) phones, but with added woes that come from running calls across the Internet.
Topping the industry body's list are issues such as privacy and eavesdropping, harassment by phone, premium rate abuse, and hijacking of service, all of which remain to be tackled by the industry.

But customers used to the PSTN might not be as acquainted with other threats that will arrive with the technology. These include VoIP spam, caller-ID impersonation, denial-of-service attacks, authentication and complex ID fraud.
As to denial-of-service attacks specifically, the report lists eight methods by which this can be initiated, which brings home the point that the VOIP world will have more in common with that of computing than that of the telephone networks people have become used to.
And these are only the top-level security issues. Calls can also be "black holed," or terminated unexpectedly, rerouted, and degraded. In addition to interfering with quality of service, they will also make possible further security threats such as call impersonation.
"The overall goal is to help drive VoIP security awareness in the press, industry and public," say the reports authors, who comprise engineers from a range of VoIP industry vendors.
"While some early press accounts focused on potential VoIP spam and VoIP call hijacking, the consensus of learning from this project is that there are many other threats and more prevalent risks, including economic threats from deceptive practices, malware, and denial of service," the report states.