Light Reading

Five WiFi VOIP Security Issues

Dan Jones
LR Mobile News Analysis
Dan Jones, Mobile Editor
2/16/2006
50%
50%

As enterprise deployments of WiFi VOIP systems reach the staging point, security will be a key concern for enterprise users.

Shawn Merdinger, an independent security consultant based in Austin, Texas, has worked with Cisco Systems Inc. (Nasdaq: CSCO) and 3Com Corp. (Nasdaq: COMS)/Tipping Point. He's tested around a dozen WiFi VOIP handsets and deskphones and says that security problems range from potential denial-of-service attacks to more serious issues that allow "deep access" to the device that lets a remote attacker read sensitive information on the phone.

You can see his postings on many of the devices tested, along with some workarounds here. In the wake of Merdinger's findings, Cisco Systems Inc. (Nasdaq: CSCO), Hitachi Ltd. (NYSE: HIT; Paris: PHA), and UTStarcom Inc. (Nasdaq: UTSI) have issued firmware upgrades for the devices in question. (See WiFi VOIP: How Safe?.)

Such threats are inevitable. So it's up to vendors to forestall them, according to analyst Paul Stamp, of Forrester Research Inc. "It's security 101. If we see practices like this continue as these devices get more popular then the manufacturers will only have themselves to blame when there's a widespread attack," he notes.

Still there are steps users can take to protect themselves. Here's a Top 5 list of enterprise WiFi VOIP security issues, and some ways to guard against them:

Widespread deployment equals a security headache:
Because of the "ubiquity of deployment" in many enterprises, attacks can spread quickly and be targeted to take down multiple devices at once. IT managers should stay up to the minute with phone upgrades, and consider running phones over a separate physical or virtual LAN as a defense against these attacks.

Many points of attack:
As the phones get more sophisicated, so could the points of entry for malicious attacks increase. Bluetooth, email, client Web browsers, SMS, WiFi, media players, and image viewers could open back doors for hackers. Though users can use open-source and commercial tools to continually test their phones and networks, they'll ultimately have to rely on vendors to do proactive testing on these devices. "Some vendors may engage in this testing while the majority will not," warns Merdinger.

Targeting phones in public environments:
For example, a Bluetooth scanner could be hidden at the entrance to a major airport or train station and be used to grab user data. It may be best to keep Bluetooth and other wireless features swicthed off when not needed.

Rogue again:
Meanwhile, at the office and on the road, users and IT departments will have to keep their guard up and scan for rogue access points. Hackers will set up access points to specifically target WiFi phones in the corporate space as well as at hotels, conferences, and other places business people like to congregate. Good device authentication and encryption can help provide protection here.

Targeted attacks:
Targeted attacks on specific voice-over-wireless networks could also be an issue, albeit one that the victims may try to downplay. "There will be targeted attacks on VoIP networks [from hackers or competitors] that will be kept quiet if there is no legal requirement for disclosure or obvious public knowledge," Merdinger says.

Users, however, shouldn't get in a snit about VOIP calls that are often unencrypted and therefore easier to listen in on. Unless attackers are targeting a specific user, it is much simpler to find useful information sent by the user or held on the phone than to listen in on calls, even if you're the NSA.

"Most attackers are going to go after text information -- much easier to parse for the juicy information," says Merdinger.

— Dan Jones, Site Editor, Unstrung

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Flash Poll
From The Founder
Ericsson's Hyperscale Datacenter System (HDS) 8000, featuring Intel's Rack Scale Architecture, caused a stir when it was announced at MWC 2015. For more on this revolutionary product, join me on Thursday, April 30 at 12:00 p.m. EST for a Super Webinar event, A New Hardware Paradigm for the Telco Data Center.
LRTV Documentaries
CableLabs' Clarke Updates Cable Virtualization

4|23|15   |   05:41   |   (1) comment


Former BT exec now leading CableLabs' NFV and SDN efforts explains key role of open source and updates efforts to virtualize the home network.
LRTV Interviews
Ericsson's CTO Talks Transformation: Pt. II

4|23|15   |   08:19   |   (1) comment


In the second installment of an in-depth two-part interview, Ericsson's CTO Ulf Ewaldsson talks to Light Reading CEO and founder Steve Saunders about cultural change, network slicing and technology advances.
LRTV Interviews
Ericsson's CTO Talks Transformation: Pt. I

4|23|15   |   09:27   |   (3) comments


In the first installment of an in-depth two-part interview, Ericsson's CTO Ulf Ewaldsson talks to Light Reading CEO and founder Steve Saunders about the incredible transformation underway in the communications networking industry.
LRTV Documentaries
LTE Paves the Way for the 5G Revolution

4|20|15   |   4:20   |   (0) comments


Håkan Andersson, head of 5G product strategy of the Radio Business Unit at Ericsson, discusses the role of LTE, the US and other industry verticals in building a true 5G ecosystem.
LRTV Documentaries
The 3GPP's Road to 5G Standardization

4|17|15   |   4:43   |   (0) comments


Satoshi Nagata, chairman of the 3GPP's TSG-RAN group and a manager at NTT Docomo, explains the standardization process for 5G, as well as the biggest challenges and opportunities.
LRTV Documentaries
AlcaLu CTO Makes the Case for a New 5G Air Interface

4|16|15   |   3:54   |   (0) comments


Michael Peeters, CTO of wireless at Alcatel-Lucent, explains why 5G will require a new air interface to meet its diverse performance targets.
LRTV Documentaries
AlcaLu + Nokia: The New Uber-Vendor

4|15|15   |   2:42   |   (4) comments


Heavy Reading Senior Analyst Gabriel Brown discusses the technological and competitive opportunities and challenges if a merger between Alcatel-Lucent and Nokia comes to pass.
LRTV Huawei Video Resource Center
Huawei's Data Center Power Play

4|15|15   |   6:22   |   (0) comments


Huawei has developed industry-leading energy efficiency capabilities for its indoor and outdoor data center solutions, explains Dr. Fang Liangzhou, vice president of Huawei's Network Energy product Line.
LRTV Huawei Video Resource Center
Huawei’s Routers, Switches Get the Green Mark

4|15|15   |   2:02   |   (0) comments


TUV Rheinland's Frank Dudley explains how Huawei's routers and switches have been successfully tested by energy efficiency experts and have gained Green Mark Certification.
LRTV Documentaries
A Finn, a Frenchman & a Guy From New Jersey Walk Into a Merger...

4|15|15   |   3:17   |   (0) comments


Stop us if you've heard this one before... Light Reading CEO Founder & CEO Steve Saunders weighs in on the technical and cultural implications of a Nokia and Alcatel-Lucent merger.
LRTV Huawei Video Resource Center
Accounting for Better Solutions

4|10|15   |   02:31   |   (1) comment


Murad Yousuf, CTO at Saudi Arabia's Ministry of Finance (Dept. of Zakat & Income Tax), talks about the benefits of deploying router technology from Huawei.
LRTV Huawei Video Resource Center
What's in Store for Huawei & DataCore?

4|10|15   |   05:44   |   (0) comments


At the CeBIT trade show in Hannover, Germany, George Teixeira, CEO of software-defined storage (SDS) specialist DataCore Software, explains why he has just signed a partnership agreement with Huawei Technologies.
Upcoming Live Events
May 6, 2015, Georgia World Congress, Atlanta, GA
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 8, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 10, 2015, Chicago, IL
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 6, 2015, Westin Peachtree Plaza, Atlanta, GA
November 11-12, 2015, The Westin Peachtree Plaza, Atlanta, GA
All Upcoming Live Events
Infographics
In its latest survey covering network operators' plans and strategies for ICT transformation, Heavy Reading asked telecom operators worldwide to identify the most important goals and objectives for their ICT transformation initiatives. Heavy Reading also asked operators about the importance of a "digital first" strategy, which enables customers to complete an interaction across different digital channels, such as web and mobile self-service and social media.
Hot Topics
Comcast Formally Ends Its Bid for TWC
Mari Silbey, Independent Technology Editor, 4/24/2015
What if the Comcast Merger Fails?
Mari Silbey, Independent Technology Editor, 4/20/2015
Google's WiFi-First Mobile Service 'Fi' Is Here
Dan Jones, Mobile Editor, 4/22/2015
Adtran Is Developing White Box GPON Tech
Ray Le Maistre, Editor-in-chief, 4/24/2015
Comcast Merger May Hinge on Hulu
Mari Silbey, Independent Technology Editor, 4/22/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Many leading communications companies can claim to have undergone significant periods of reinvention during their histories, but none have been through more major ...
Data Center Interconnect, or DCI, is one of the hottest sectors in telecom currently. Since coming back to Light Reading last year, prodigal-son style, I've ...
Cats with Phones
Learning Curve Click Here
Pierre could never remember how to use Excel.
Latest Comment