The proliferation of Voice over Internet Protocol (VoIP) increases the security risks on the Internet to a new level, according to Yaron Raps, a solution partner at BusinessEdge Solutions, a communications industry consulting firm in East Brunswick, NJ.
Service providers must grapple with the reality that the voice transmission they are providing their customers will never be 100 per cent secure, he cautions, likening controlling security on the Internet to stopping spam, overnight. “It is not enough to install a firewall and say my network is secure. That just won’t take care of the problem in an environment where IP traffic traverses multiple hops within a single network and then spans multiple networks.”
“There are hackers today focused on the PSTN and the Internet, but VoIP, which unites the worlds of voice and the Internet, exacerbates the existing security vulnerabilities inherent in both,” he continues. “Further, VoIP introduces unique security and fraud threats that never existed before.”
Raps cites an array of traditional and new threats, including:
• hackers who tap into a network to get free phone service — or similarly make international calls at domestic rates.
• users who are able to ‘draw’ multiple dial tones but appear as a single line to the carrier.
• individuals who hijack the IP-Phone profile can replicate that across multiple devices and make free phone calls.
• callers who spoof their identity and become impossible to track.
• hackers who tap into the network just for fun and threaten the integrity, stability and potentially, access to emergency services.
• quality that can be compromised because of the real-time nature of VoIP transmissions and the impact that viruses and denial of service-type attacks have on latency over the public Internet.
“There’s a little bit of fear-mongering here,” responds Nicole Mumford, vice-president of sales at OneConnect, a Toronto-based independent service provider that claims to be the first to deliver hosted VoIP to Canadian businesses.
She admits that with VoIP,