Naturally, VoIP inevitably was going to have to deal with the same type of security concerns that other data networks have faced. But the security space moves fast, and in recent months VoIP security has gone from an impending issue to a top-of-mind problem for vendors, VARs and users.
The Miami case, in which the alleged offender is accused of tapping into IP telephony networks to fraudulently sell more than 10 million minutes of calls, represents an escalation from simple denial- and loss-of-service threats to more serious theft-of-service attacks. Commenting on the case, Nemertes Research said that "converged networks lead to converged threats," and that such attacks are likely to continue, if not become more prevalent.
VoIP has been enjoying the "honeymoon" period during which attackers familiarize themselves with a new technology, but that honeymoon is now over, Nemertes says. As far back as 2002, Nemertes predicted four emerging stages of security threats in voice technologies: denial and loss of service; theft of service and toll fraud; eavesdropping; and social engineering through spoofing. The Miami case shows us to be halfway through those projections.
Many of VoIP's security problems arise when -- just like with other data networks -- organizations don't enforce policies or users aren't following them diligently enough.