Light Reading
Threats to listen for as you implement WiFi VOIP, and how to stop at least some of them

Five WiFi VOIP Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
2/16/2006
50%
50%

As enterprise deployments of WiFi VOIP systems reach the staging point, security will be a key concern for enterprise users.

Shawn Merdinger, an independent security consultant based in Austin, Texas, has worked with Cisco Systems Inc. (Nasdaq: CSCO) and 3Com Corp. (Nasdaq: COMS)/Tipping Point. He's tested around a dozen WiFi VOIP handsets and deskphones and says that security problems range from potential denial-of-service attacks to more serious issues that allow "deep access" to the device that lets a remote attacker read sensitive information on the phone.

You can see his postings on many of the devices tested, along with some workarounds here. In the wake of Merdinger's findings, Cisco Systems Inc. (Nasdaq: CSCO), Hitachi Ltd. (NYSE: HIT; Paris: PHA), and UTStarcom Inc. (Nasdaq: UTSI) have issued firmware upgrades for the devices in question. (See WiFi VOIP: How Safe?.)

Such threats are inevitable. So it's up to vendors to forestall them, according to analyst Paul Stamp, of Forrester Research Inc. "It's security 101. If we see practices like this continue as these devices get more popular then the manufacturers will only have themselves to blame when there's a widespread attack," he notes.

Still there are steps users can take to protect themselves. Here's a Top 5 list of enterprise WiFi VOIP security issues, and some ways to guard against them:

Widespread deployment equals a security headache:
Because of the "ubiquity of deployment" in many enterprises, attacks can spread quickly and be targeted to take down multiple devices at once. IT managers should stay up to the minute with phone upgrades, and consider running phones over a separate physical or virtual LAN as a defense against these attacks.

Many points of attack:
As the phones get more sophisicated, so could the points of entry for malicious attacks increase. Bluetooth, email, client Web browsers, SMS, WiFi, media players, and image viewers could open back doors for hackers. Though users can use open-source and commercial tools to continually test their phones and networks, they'll ultimately have to rely on vendors to do proactive testing on these devices. "Some vendors may engage in this testing while the majority will not," warns Merdinger.

Targeting phones in public environments:
For example, a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue again:
Meanwhile, at the office and on the road, users and IT departments will have to keep their guard up and scan for rogue access points. Hackers will set up access points to specifically target WiFi phones in the corporate space as well as at hotels, conferences, and other places business people like to congregate. Good device authentication and encryption can help provide protection here.

Targeted attacks:
Targeted attacks on specific voice-over-wireless networks could also be an issue, albeit one that the victims may try to downplay. "There will be targeted attacks on VoIP networks [from hackers or competitors] that will be kept quiet if there is no legal requirement for disclosure or obvious public knowledge," Merdinger says.

Users, however, shouldn't get in a snit about VOIP calls that are often unencrypted and therefore easier to listen in on. Unless attackers are targeting a specific user, it is much simpler to find useful information sent by the user or held on the phone than to listen in on calls, even if you're the NSA.

"Most attackers are going to go after text information -- much easier to parse for the juicy information," says Merdinger.

— Dan Jones, Site Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Flash Poll
From The Founder
Is your network built on 'The Old IP,' or are you part of 'The New IP' revolution?
LRTV Documentaries
A Cultural Shift for an OTT World

9|26|14   |   01:41   |   (3) comments


Telcos need to embrace a new approach to partnerships if they are to generate extra revenues quickly and give customers what they want.
LRTV Documentaries
New Skills Needed as Telecom, IT Collide

9|26|14   |   4:07   |   (1) comment


As telecom and IT collide, new technologies are emerging, new skills are needed and new opportunities for women are arising.
UBB Forum News
Do IP Networks Need An Overhaul?

9|25|14   |   02:01   |   (0) comments


As traffic levels ramp, do IP networks need new technologies and topologies?
LRTV Documentaries
Sprint Wields Its Influence in the Valley

9|25|14   |   3:09   |   (11) comments


Anne-Louise Kardas, Sprint's connection to startups in the Valley, explains how telcos can be innovative and find new opportunities with partners.
LRTV Documentaries
SDN, NFV & The Future of XO's Network

9|25|14   |   3:47   |   (1) comment


XO Communications COO Don MacNeil explains how cloud, SDN and NFV are altering its network requirements as well as changing data centers of the future.
UBB Forum News
The OTT Conundrum

9|24|14   |   01:39   |   (0) comments


What is holding back prosperous partnerships between telcos and the OTT players?
LRTV Documentaries
Putting Broadband to Work

9|24|14   |   01:26   |   (0) comments


High-speed broadband network rollout is key to telco strategies, but it's what happens after the network is built that counts.
Light Reedy
Light Reading's Women in Telecom Recap

9|24|14   |   0:55   |   (4) comments


Our first Women in Telecom breakfast was a huge success, and we hope you'll join us in London for the next event on November 6.
UBB Forum News
Monetizing Ultra-Broadband

9|24|14   |   01:43   |   (2) comments


Ultra-broadband networks need to be built, with fiber-to-the-premises the ultimate goal, but they need to be monetized, too.
LRTV Huawei Video Resource Center
Sales Director of INIT on Plug & Play Switch Devices

9|19|14   |   3:21   |   (0) comments


INIT Italy uses both the Huawei S5700 and S7700 series switches for the campus LAN environment. Sales Director Andrea Curti says their company chose these Huawei devices over others because of their performance, flexible scalability and plug-and-play features.
LRTV Huawei Video Resource Center
Saudi Arabia Upgrades Vocational Training System

9|19|14   |   3:31   |   (0) comments


The Technical and Vocational Training Corporation (TVTC) has 100,000 students, 150 government-owned institutions and oversees 1000 private institutes. The CIO of TVTC explains that Huawei devices have allowed them to manage multiple datacenters using just one software program, scientifically tracking the progress of students and teachers, saving them millions.
LRTV Huawei Video Resource Center
Huawei's Media Solutions Are Here to Stay

9|19|14   |   4:35   |   (0) comments


The current media revolution requires rapid upgrades in technology. New formats (HD, 3D, 4K etc.) and the subsequent explosion of file sizes demand sophisticated network and storage architecture. Social media and the multiple distribution channels require a robust asset management system. Gartner analyst Venecia Liu speaks about the current technological trends in ...
Upcoming Live Events
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 2, 2014, New York City
December 3, 2014, New York City
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Half of the world's population will be connected to the Internet by 2017, but not just by smartphones and desktops.
Hot Topics
Facebook Pokes Around LTE Direct
Sarah Reedy, Senior Editor, 9/25/2014
Is Redbox Instant Shutting Down?
Mari Silbey, Independent Technology Editor, 9/30/2014
Sprint Wields Its Influence in the Valley
Sarah Reedy, Senior Editor, 9/25/2014
US Ignite Cultivates Gigabit Apps
Jason Meyers, Senior Editor, Utility Communications/IoT, 9/25/2014
Like Us on Facebook
Twitter Feed