According to Dark Reading, though not much of a security concern in the past, Voice over Internet Protocol (VoIP) is expected to face an increasing number of threats in 2007. As more businesses make the switch to VoIP and more VoIP hacking tools become available, increasing numbers of hackers will turn their attention to VoIP.
SecureLogix CTO Mark Collier and TippingPoint director of security research David Endler recently published "Hacking Exposed: VoIP," a book that lists over 20 VoIP hacking tools, spanning from denial-of-service attacks to adding audio to current IP calls.
"There's not a lot of research here yet," said Endler. "VoIP is still a nascent market. VoIP is following the same path as other technologies. It was considered a killer app, and it was widely deployed and security wasn't addressed until afterward."
Attacks in the past targeting networks have damaged VoIP, but they will become focused on VoIP in 2007, as it is simply another application running over the IP backbone, vulnerable to sniffing or intercepting traffic. Dan York of the Voice Over IP Security Alliance points out that the biggest weakness in VoIP lies in the Session Initiation Protocol trunking area, which allows the PSTN to be bypassed in favor of an Internet connection for linking to a VoIP service provider. Gartner research director Lawrence Orans says that while proprietary signals are still being used in IP telephone systems, "There should be more focus on firewalls and IPSes better protecting PBX servers." York said encryption also helps protect voice content by allowing confidentiality.