VoIP security solutions provider Sipera Systems has posted their list of what their Sipera VIPER Labs sees as the five top VoIP Security Threats for 2008.
Before I offer this list, two caveats:
First, when a company with technological solutions posts their predictions, it is almost always a tacit declaration on their part that they know what is going on, and they have a solution just for you.
Second, props to Sipera on the name, VIPER Labs. I know if I was going into battle, I'd love to have poison snakes (or the binary equivalent of same) on my side.
OK here are Sipera's five predictions:
- First and foremost, as enterprises deploy SIP Trunks and UC for the mobile workspace, denial of service (DoS) and distributed DoS attacks on VoIP networks will become an increasingly important issue.
- HTTP or other third party data services running on VoIP end-points will be exploited for eavesdropping and other attacks.
- The hacking community, experienced with exploiting the vulnerabilities in other Microsoft offerings, will turn its attention and tools towards Microsoft OCS – taking advantage of its UC connections to public IMs, email addresses and buddy lists to create botnets and launch attacks. As well, enterprise federation for OCS, a major productivity and business process enabler, will be a source of greater VoIP security risk since it exposes once closed networks to the risks found in other federations.
- Hackers will set up more IP PBXs for vishing/phishing exploits. Vishing bank accounts will accelerate, due to ease of exploit and the appeal of “easy money.”
- VoIP attacks against service providers will escalate, using readily available, anonymous $20 SIM cards. With UMA becoming more widely deployed, service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.
Well, well. IMHO scariest of those is Sipera's view that hackers will turn to Microsoft OCS for attacks. As enterprises deploy OCS that's where the big targets will be.
I'm on my way to the IT Expo in Miami Beach (OK you frostbelters can be jealous and I won't hold it against you) next week, and you can bet I will be asking lots of questions about those risks.