A new VoIP security body has been launched.
Led by 3Com’s newly acquired TippingPoint intrusion prevention system subsidiary, the group has tasked itself with helping VoIP vendors bring a more secure product to market, increasing user confidence and spurring adoption.
As with any technology rolled out that promises to be the killer app, it tends to get rolled out quickly and security considerations come second, said TippingPoint’s David Endler, acting chairman of the group.
Mr Endler pointed to rapidly adopted technologies such as web browsing and Wi-Fi to make his point. Both had a period of fast rollout, followed by a catch-up period where security fixes were brought in. VoIP is more important, however.
If you’re going under a distributed denial of service attack, it may mean your web browsing is a little slower, said Mr Endler. If a call center is using a VoIP network and you’re under attack, it could mean a 911 call isn’t getting through.
VOIPSA will publish tools like penetration testing software and documentation like best practices guidelines to help vendors, and customers, mitigate some of the risk of transferring essential voice services to IP, he said.
TippingPoint has released a VoIP fuzzer – software that simulates a hacker trying to break an application to find vulnerabilities – to the group to get the ball rolling, Mr Endler said. Initial projects will be decided upon at a meeting next week.
While some well-known types of network attack such as DDoS could apply easily to VoIP applications, there are likely to be many types of VoIP-specific attack, and the kind of data that could be stolen would be conversations themselves.
Call interception, redirection and eavesdropping spring to mind as likely results of the move to VoIP. For VoIP buyers, this should give pause for thought for some time, unless organizations such as VOIPSA and its members are successful.
