With it’s low cost and seemingly endless array of features, there’s a lot to love about VoIP Phone Systems.
But one aspect of this exploding technology continues to be a major concern for business owners: Security.
Since it’s inception, internet telephony has been vulnerable to hackers, disgruntled employees and others who wish to gather information or create network disruptions. And while file encryption, firewalls and authentication all help curb these invasions — they can also affect call quality. Despite this fact, business owners would be remiss not to take steps to secure their VoIP network — especially given the most recent research from Columbia University.
Do You Know Who’s Listening to Your Private Conversations?
At a recent gathering of device and mobile security experts in San Francisco a researcher at Columbia University demonstrated how networked devices — like printers and VoIP phones — can be taken over by hackers, giving them access to private conversations and sensitive documents, reported Business Wire last month.
In seconds, Ang Cui, a fifth-year grad student from the Columbia University Intrusion Detection Systems Lab, inserted and removed a small external circuit board into the ethernet port of a common Cisco-branded VoIP phone during the annual Amphion Forum. He then used his own smartphone to listen to every word spoken near the VoIP phone, even with the phone still on the hook.
Once one phone in the network is similarly compromised, Cui said all are vulnerable, and — perhaps more alarming — the grad student said he could perform a similar maneuver from another location, without even needing the circuit board .
Could Hackers Be Reading Documents From Your Printers?
In related research, Cui also found that a networked printer could be compromised with potentially-malicious code during a standard firmware update. The code allows hackers to get behind an organization’s firewall and view any documents being printed or stored, as well as launch other attacks on the network without ever having to set foot in the building.
Why Are These Networks Vulnerable?
Routers, printers and phones don’t have host-based intrusion systems or anti-virus protection built in, according to Cui, and most don’t have any encryption for data in motion and at rest. The most commonly used security systems don’t work for embedded systems, like VoIP phones or networked printers, either. Cui also pointed out that code signing was not enough to secure information.
How Can Your Business Protect Itself?
There are several ways an organization can protect itself against VoIP hackers, according to TechRepublic.com, including:
- Separate your VoIP network from your data network. While this means you won’t be able to take advantage of all the features of your VoIP service, it exposes your network to fewer threats and reduces the attack surface.
- Authenticate anyone trying to connect with your VoIP network from the outside.
- Use encryption so that any VoIP packet a hacker might intercept is indecipherable.
- Use an intrusion detection system/intrusion prevention system, as well as a VoIP-aware firewall.
- Protect the physical layer of your VoIP network (Ethernet, fiber optic cabling, airwaves) by: keeping call servers in a locked room, restricting access to endpoints like hard phones or soft phone programs installed on computers, running cabling through conduits and walls, and containing wireless signals within the building
“The VoIP phone vulnerability demonstrated at the Amphion Forum was a stark reminder of the need to address the device security mess. The sad fact is that most devices connected to corporate networks, like printers and VoIP phones, are almost totally unsecured,” Kurt Stammberger, CISSP, vice president of market development at Mocana and chair of the Amphion Forum told Business Wire.
Learn more about VoIP Phone Systems on ResourceNation.com.
Photo courtesy of Stock.Xchng