VoIP service providers and enterprises should initiate steps to minimize security risks before the wide deployment of technology, says Ovum, an analyst and consulting company.
An Ovum survey says that most organizations are either new to IP telephony or are still considering adopting it. The primary concern here is voice quality and functionality. Few have given thought to security measures.
Even those organizations that have given a thought are primarily concerned with disclosing sensitive information on phone calls or unwanted marketing calls.
They are completely oblivious to the real risks, the survey states.
"We do not know which threats will become critical in VoIP or how long the process will take, but it would be foolish to ignore them," notes Graham Titterington, a principal analyst and security expert with Ovum.
Two areas are mainly at risk: the integrity of IP telephony systems and data systems to which they are connected. Internet attacks on data networks can attack the VoIP network. With VoIP, telephony and data systems will share the same network.
According to Hitachi risks threatening VoIP are:
Spam: where mechanically replicated voice messages flood the systems and inundate users.
Phishing: Using voice spam to obtain personal information such as bank details: toll fraud, where premium calls are made to a number benefiting hacker denial of service attacks, that prevents use of services such as the telephony service.
Users are currently demanding increased security in VoIP products and services. As a result, security improvements are driven by supply side of the industry: Vendors and IP telephony service providers.
"Vendors are pushing existing security products to businesses, but these products focus on the public Internet, which is not normally a component of enterprise VoIP networks," says Titterington.
"The service providers are the role models that enterprises with their own internal VoIP services look up to. They have a reputation that is fundamental to their business health," he adds.
