On Wednesday, VoIPshield Laboratories, the research division of VoIPshield Systems Inc., said it has discovered more than 100 design or implementation flaws that hackers can exploit. Possible extortion includes service outages, spying on call recording or stealing customer information, VoIPShield said.
And while VoIPshield announced its findings today, it alerted vendors to those results earlier this year. Avaya, Cisco and Nortel have since worked with VoIPshield to re-create and fix the vulnerabilities; Cisco already has a couple of patches available.
It’s important to address IP telephony security issues now, said Lawrence Orans, research director for networking and communications equipment at Gartner Research.
“The limited number of high-profile attacks against IP telephony has lulled most chief information security officers and voice/data managers into a false sense of security, with the result that most do not have adequate protection for their converged networks,” Orans said.
“Now is the time to start planning a protection strategy, while the hacking community is still learning about VoIP, not after the attacks begin,” said Rick Dalmazzi, president and CEO of VoIPshield.
VoIPshield chose to study Avaya, Cisco and Nortel for its first assessment because those vendors hold the most market share in North America. However, VoIPshield plans to expand its coverage to companies including Microsoft Corp., a recent enterprise VoIP entrant.
The three-year-old VoIPshield also develops products such as vulnerability assessment based on its research. It further sells those products through authorized partners.
The list of vulnerabilities, with severity ratings and vendor responses, is available on VoIPshield’s Web site under the Research tab.