Light Reading

Five WiFi VOIP Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
2/16/2006
50%
50%

As enterprise deployments of WiFi VOIP systems reach the staging point, security will be a key concern for enterprise users.

Shawn Merdinger, an independent security consultant based in Austin, Texas, has worked with Cisco Systems Inc. (Nasdaq: CSCO) and 3Com Corp. (Nasdaq: COMS)/Tipping Point. He's tested around a dozen WiFi VOIP handsets and deskphones and says that security problems range from potential denial-of-service attacks to more serious issues that allow "deep access" to the device that lets a remote attacker read sensitive information on the phone.

You can see his postings on many of the devices tested, along with some workarounds here. In the wake of Merdinger's findings, Cisco Systems Inc. (Nasdaq: CSCO), Hitachi Ltd. (NYSE: HIT; Paris: PHA), and UTStarcom Inc. (Nasdaq: UTSI) have issued firmware upgrades for the devices in question. (See WiFi VOIP: How Safe?.)

Such threats are inevitable. So it's up to vendors to forestall them, according to analyst Paul Stamp, of Forrester Research Inc. "It's security 101. If we see practices like this continue as these devices get more popular then the manufacturers will only have themselves to blame when there's a widespread attack," he notes.

Still there are steps users can take to protect themselves. Here's a Top 5 list of enterprise WiFi VOIP security issues, and some ways to guard against them:

Widespread deployment equals a security headache:
Because of the "ubiquity of deployment" in many enterprises, attacks can spread quickly and be targeted to take down multiple devices at once. IT managers should stay up to the minute with phone upgrades, and consider running phones over a separate physical or virtual LAN as a defense against these attacks.

Many points of attack:
As the phones get more sophisicated, so could the points of entry for malicious attacks increase. Bluetooth, email, client Web browsers, SMS, WiFi, media players, and image viewers could open back doors for hackers. Though users can use open-source and commercial tools to continually test their phones and networks, they'll ultimately have to rely on vendors to do proactive testing on these devices. "Some vendors may engage in this testing while the majority will not," warns Merdinger.

Targeting phones in public environments:
For example, a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue again:
Meanwhile, at the office and on the road, users and IT departments will have to keep their guard up and scan for rogue access points. Hackers will set up access points to specifically target WiFi phones in the corporate space as well as at hotels, conferences, and other places business people like to congregate. Good device authentication and encryption can help provide protection here.

Targeted attacks:
Targeted attacks on specific voice-over-wireless networks could also be an issue, albeit one that the victims may try to downplay. "There will be targeted attacks on VoIP networks [from hackers or competitors] that will be kept quiet if there is no legal requirement for disclosure or obvious public knowledge," Merdinger says.

Users, however, shouldn't get in a snit about VOIP calls that are often unencrypted and therefore easier to listen in on. Unless attackers are targeting a specific user, it is much simpler to find useful information sent by the user or held on the phone than to listen in on calls, even if you're the NSA.

"Most attackers are going to go after text information -- much easier to parse for the juicy information," says Merdinger.

— Dan Jones, Site Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Flash Poll
From The Founder
Anshul Sadana answers questions from Steve Saunders, Light Reading's founder and CEO, about Arista's CloudVision, a global cloud network controller for workload orchestration and workflow automation delivering a turnkey solution for cloud networking.
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
Between the CEOs
Video Exclusive With Basil Alwan, Alcatel-Lucent

7|24|15   |   26:44   |   (2) comments


Basil Alwan, President of IP Routing & Transport at Alcatel-Lucent, discusses virtualization, cultural challenges, the capex crunch and more with Light Reading founder and CEO Steve Saunders.
LRTV Custom TV
VDF: Enable the Financial With Mobile Money

7|20|15   |   06:53   |   (0) comments


Ian Ravenscroft discusses how operators can expand to occupy the entire digital services value chain through service innovation.
LRTV Custom TV
Telefónica on OSS Transformation

7|20|15   |   06:01   |   (0) comments


Jose Gonzales discusses the details of Telefónica's operation transformation program.
LRTV Custom TV
Judi Achmadi on Huawei's Cloud Storage Solution

7|20|15   |   03:33   |   (0) comments


Judi discusses the key business goals of TelekomSigma's public cloud service and how Huawei's solution helps them address challenges.
LRTV Custom TV
KPN Enlightening Digital Business & IT Transformation

7|20|15   |   06:19   |   (0) comments


Rob de Beer discusses the changes that operators need to make with service innovation now coming from the Internet world.
LRTV Custom TV
Stratus Telco-Grade Cloud Solutions & NFV

7|20|15   |   07:34   |   (0) comments


Ali Kafel from Stratus Technologies addresses high-availability concerns within the telco industry with a solution that enables telcos to provide high-availability and stateful fault-tolerance using a software-based approach.
LRTV Documentaries
The Six Million Dollar Business Man

7|20|15   |   01:52   |   (0) comments


Steve Saunders, publisher. A man barely alive after an acquisition malfunction imploded the company he founded. Gentlemen, we can rebuild Light Reading. Better, faster, stronger.
Between the CEOs
CEO Chat With Anukool Lakhina, Guavus

7|20|15   |   38:51   |   (1) comment


Guavus CEO Anukool Lakhina talks to Light Reading founder and CEO Steve Saunders about the role of operational analytics in the communications services and networking sectors, particularly in relation to IoT.
LRTV Custom TV
IBM's Flash Storage With Intel QuickAssist

7|20|15   |   03:18   |   (0) comments


Intel's Bev Crair and IBM's Eric Herzog discuss how IBM's V9000 Flash Storage System has helped customers around the world. Featuring real-time compression powered by Intel QuickAssist Technology, the V9000 is a next-gen flash storage solution.
LRTV Huawei Video Resource Center
Thailand's AIS: Transforming to an FMC Operator

7|17|15   |   4:53   |   (0) comments


Saran Phaloprakarn, Senior VP of Fixed Broadband Business Management of Thailand's AIS, was a keynote speaker at the first Asia-Pacific Ultra Broadband Summit in Bangkok. In this video, he talks to Heavy Reading about transforming into an FMC (FBB+MBB+Content) operator.
LRTV Huawei Video Resource Center
Cambodia's TRC Discusses Its Plans for National Broadband

7|17|15   |   10:33   |   (0) comments


In this video, Chakyra Moa, Chairman of Telecommunication Regulator of Cambodia (TRC), talks in in-depth with Heavy Reading about the Cambodia's current telecom market and TRC's goals and expectations for the future.
LRTV Documentaries
5G Phone

7|16|15   |   2:09   |   (4) comments


A man has an opportunity to purchase the world's first working 5G phone. Imagine the possibilities...
Upcoming Live Events
September 16-17, 2015, The Westin Galleria Dallas, Dallas, TX
September 16, 2015, The Westin Galleria Dallas, Dallas, TX
September 16, 2015, The Westin Galleria Dallas, Dallas, TX
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
December 1, 2015, The Westin Times Square, New York City
All Upcoming Live Events
Infographics
Network operators start seeing savings from NFV in the first year, according to a study by Affirmed Networks and ACG.
Hot Topics
T-Mobile Launches RCS Messaging
Sarah Thomas, Editorial Operations Director, 7/22/2015
Huawei Working Hard for Rural Success
Carol Wilson, Editor-at-large, 7/22/2015
AT&T U-verse TV Hits the Skids
Alan Breznick, Cable/Video Practice Leader, 7/24/2015
Eurobites: Alcatel-Lucent, Vodafone Test TWDM-PON
Paul Rainford, Assistant Editor, Europe, 7/22/2015
Robbins Succeeds Chambers as Cisco Changes CEOs
Mitch Wagner, West Coast Bureau Chief, Light Reading, 7/27/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Basil Alwan, President of IP Routing & Transport at Alcatel-Lucent, discusses virtualization, cultural challenges, the capex crunch and more with Light Reading founder and CEO Steve Saunders.
Guavus CEO Anukool Lakhina talks to Light Reading founder and CEO Steve Saunders about the role of operational analytics in the communications services and networking sectors, particularly in relation to IoT.