Light Reading
Threats to listen for as you implement WiFi VOIP, and how to stop at least some of them

Five WiFi VOIP Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
2/16/2006
50%
50%

As enterprise deployments of WiFi VOIP systems reach the staging point, security will be a key concern for enterprise users.

Shawn Merdinger, an independent security consultant based in Austin, Texas, has worked with Cisco Systems Inc. (Nasdaq: CSCO) and 3Com Corp. (Nasdaq: COMS)/Tipping Point. He's tested around a dozen WiFi VOIP handsets and deskphones and says that security problems range from potential denial-of-service attacks to more serious issues that allow "deep access" to the device that lets a remote attacker read sensitive information on the phone.

You can see his postings on many of the devices tested, along with some workarounds here. In the wake of Merdinger's findings, Cisco Systems Inc. (Nasdaq: CSCO), Hitachi Ltd. (NYSE: HIT; Paris: PHA), and UTStarcom Inc. (Nasdaq: UTSI) have issued firmware upgrades for the devices in question. (See WiFi VOIP: How Safe?.)

Such threats are inevitable. So it's up to vendors to forestall them, according to analyst Paul Stamp, of Forrester Research Inc. "It's security 101. If we see practices like this continue as these devices get more popular then the manufacturers will only have themselves to blame when there's a widespread attack," he notes.

Still there are steps users can take to protect themselves. Here's a Top 5 list of enterprise WiFi VOIP security issues, and some ways to guard against them:

Widespread deployment equals a security headache:
Because of the "ubiquity of deployment" in many enterprises, attacks can spread quickly and be targeted to take down multiple devices at once. IT managers should stay up to the minute with phone upgrades, and consider running phones over a separate physical or virtual LAN as a defense against these attacks.

Many points of attack:
As the phones get more sophisicated, so could the points of entry for malicious attacks increase. Bluetooth, email, client Web browsers, SMS, WiFi, media players, and image viewers could open back doors for hackers. Though users can use open-source and commercial tools to continually test their phones and networks, they'll ultimately have to rely on vendors to do proactive testing on these devices. "Some vendors may engage in this testing while the majority will not," warns Merdinger.

Targeting phones in public environments:
For example, a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue again:
Meanwhile, at the office and on the road, users and IT departments will have to keep their guard up and scan for rogue access points. Hackers will set up access points to specifically target WiFi phones in the corporate space as well as at hotels, conferences, and other places business people like to congregate. Good device authentication and encryption can help provide protection here.

Targeted attacks:
Targeted attacks on specific voice-over-wireless networks could also be an issue, albeit one that the victims may try to downplay. "There will be targeted attacks on VoIP networks [from hackers or competitors] that will be kept quiet if there is no legal requirement for disclosure or obvious public knowledge," Merdinger says.

Users, however, shouldn't get in a snit about VOIP calls that are often unencrypted and therefore easier to listen in on. Unless attackers are targeting a specific user, it is much simpler to find useful information sent by the user or held on the phone than to listen in on calls, even if you're the NSA.

"Most attackers are going to go after text information -- much easier to parse for the juicy information," says Merdinger.

— Dan Jones, Site Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
The New Wave of IP + Optical Integration

11|21|14   |   04:29   |   (7) comments


At the Alcatel-Lucent Technology Symposium, Heavy Reading senior analyst Sterling Perrin talks about how SDN has reshaped the discussion around packet and optical integration.
LRTV Huawei Video Resource Center
Huawei Highlights at BBWF 2014

11|20|14   |   3:40   |   (1) comment


Broadband World Forum is one of the world's largest telecoms, media and technology events with over 7,800 senior executives from across the globe converging on Amsterdam every year to identify the Next Big Thing. BBWF is an exciting place to meet the entire industry under one roof and identify the latest in network innovation, service optimization and customer ...
LRTV Huawei Video Resource Center
How Will BCMS Stimulate Margin for Broadband Operators?

11|19|14   |   6:52   |   (0) comments


In BBWF 2014, Liu Shuqing emphasizes the value of FMC 2.0 based full service experience by throwing light on the BCMS solution. The underlying principle of this innovative technique is to create network robustness and driving network from connection oriented to ACE – BAND oriented infrastructure, in which applications, cloud, and user experiences will be an asset ...
LRTV Huawei Video Resource Center
SingleFAN3.0: Better Connected Experience

11|19|14   |   3:06   |   (1) comment


At the BBWF 2014, David Hu, the VP of Huawei Access Network Product Line, talked about the future of access networks – SingleFAN3.0: faster broadband, wider coverage, and smarter connection.
LRTV Interviews
Basil Alwan Interview: The Road to Cloud

11|19|14   |   09:09   |   (0) comments


Alcatel-Lucent's head of IP and Transport talks about the migration towards a web-like networking environment, the impact of the cloud, SDN and NFV, and the yet-to-be-announced FP4 chip.
LRTV Documentaries
FairPoint Makes a Fair Point About Analytics

11|19|14   |   1:56   |   (1) comment


The US-based communication service provider gets to grips with advanced analytics, tackling data and breaking down the silos within its own business.
LRTV Documentaries
Analytics Lets C Spire Get to Know Subs

11|19|14   |   3:01   |   (2) comments


It's all about the data for US operator C Spire as it uses analytics to personalize its customer service down to individual subscribers.
LRTV Interviews
Nuage Branches Out With SDN: CEO Interview

11|17|14   |   9:32   |   (0) comments


Sunil Khandekar, CEO of Alcatel-Lucent's SDN-focused unit Nuage Networks, talks about the opportunities and challenges of breaking out of the data center into wide-area networks.
Light Reedy
Telecom Analytics Grows Up

11|14|14   |   1:15   |   (4) comments


The big data analytics debate has moved on from a year ago, with some experts suggesting it's no longer a technology challenge.
LRTV Huawei Video Resource Center
Huawei Compass

11|14|14   |   3:17   |   (1) comment


At OpenStack Summit 2014, Shuo Yang, Huawei Principal Cloud Infrastructure Architect introduced Huawei Compass, the software tool for solving customers' problems on the journey of OpenStack Cloud.
LRTV Huawei Video Resource Center
Huawei's Cloud Strategy in European Region

11|14|14   |   2:56   |   (1) comment


At OpenStack Summit 2014, Dr. Gotz, CTO of Huawei IT in European Region introduced Huawei's cloud strategy in European region.
LRTV Huawei Video Resource Center
Huawei's Contribution on OpenStack

11|14|14   |   5:58   |   (0) comments


At OpenStack Summit 2014, Dennis Gu, Huawei Chief Architect of Cloud Computing introduced the relationship between OpenStack and cloud computing, and Huawei's contribution on OpenStack.
Upcoming Live Events
December 2, 2014, New York City
December 3, 2014, New York City
December 8-10, 2014, Reykjavik, Iceland
February 12, 2015, Atlanta, GA
April 14, 2015, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
Irish Telecom outlines the rise of VoIP technology, including its adoption within businesses and their perception of its quality.
Hot Topics
Bell Labs Chief Slams 'Toy' Networks
Robert Clark, 11/19/2014
$38.3M: Ain't That a Kik in the SMS
Sarah Reedy, Senior Editor, 11/20/2014
Do You Have a 2020 Vision?
Dennis Mendyk, Vice President of Research, Heavy Reading, 11/21/2014
Google, AT&T, BT Unite on Network Data Models
Carol Wilson, Editor-at-large, 11/20/2014
The New Wave of IP + Optical Integration
Ray Le Maistre, Editor-in-chief, 11/21/2014
Like Us on Facebook
Twitter Feed