"Attacks on IP phones are actually quite frequent," said Roy Wakim, convergence solutions manager at Avaya South Pacific. "Security is a major issue."
Voice-over-IP solutions have gained increasing enterprise traction. A study earlier this year by Integrated Research found that 56 per cent of medium and large companies were already using IP telephony, and a further 26 per cent were planning a trial within 12 months. A key attraction of such systems is reduced maintenance and deployment costs, as a single network can be used for voice and data.
But that flexibility comes at a cost. While there are no acknowledged reports of actual viruses aimed at IP telephones, the fact that they have their own IP address means they are frequently probed as potential attack sites, Wakim said. Poorly configured networks could allow voice calls to be monitored -- a problem which Avaya and other vendors attempt to circumvent by encrypting calls. Virus attacks such as Nimda which slow down network performance can also render phones inoperable.
As IP telephones move beyond simply handling voice calls to running applications which directly access enterprise data networks, the virus risk is likely to increase. In the Integrated Research study, 66 per cent of respondents listed the ability to deploy applications as a major attraction of IP telephony.
Vendors have long recognised the potential for attacks via IP telephony networks. "Voice networks are juicy targets for hackers with ulterior motives," Cisco notes in a white paper on the topic. "The main issue with voice networks today is that they are generally wide open and require little or no authentication to gain access."