Voice over Internet Protocol, also known as VoIP, is a rapidly growing technology which utilizes a local area network (LAN) and an internet service to make phone calls, rather than utilizing traditional phones. A major benefit of VoIP is the major savings on long-distance phone calls. Whether the call placement is to a local line or across the globe, the cost is the same because it is transferred over an internet medium.

If you are considering VoIP for a personal or office setting, it is critical to know of the potential threats which could compromise your new system. Measures must be taken to ensure maximum speed and security to your business communications. Due to the fast growing nature of VoIP solutions, many hackers and criminals are capitalizing on the weaknesses of the technology. Owners must take proper measures to prevent the following attacks: denial of service, SIP vulnerabilities, SPIT, and Vishing.

The most common threat to a VoIP system is the denial of service (DoS). This brings a data network to a complete shutdown, including all applications such as VoIP. A shutdown can cause massive slowdowns in productivity especially if the system takes a while to come back on. Security bugs can also affect VoIP usage. In one instance Core Security Technologies discovered a vulnerability which allowed hackers to create buffer overflows for a DoS attack.

SIP, or session initiation protocol, is a signaling protocol used for setting up and tearing down multimedia communication sessions such as voice or video telecommunications. The problem with this protocol is that it is relatively new and thus contains little inherent security with the ability to use text for encoding and extensions that create security holes.

Some examples include registration hacking which reroutes calls and message tampering.
SPIT, or the voice incarnation of email and spam, represents ‘spam over internet telephony’. Although it is not a very popular movement it has great potential to be dangerous because there is no spam filter over a phone as there is for an email inbox.

Vishing uses telephony to collect information such as account details and other private information. One instance involved the exploitation of PayPal. The scammers emailed the victims acting as PayPal and asked them to call a number and verify their credit card information by typing in their numbers. After the number was entered the scammers were free to siphon money from the victim’s account.
 
Although these threats are very intriguing, one should not avoid the many advantages that come from VoIP technology. Any new and innovative product will have its first few bumps in the road before it is fine-tuned to the dangers of criminals and hackers. Given the proper security procedures and technology, all of these threats can be avoided.