Why should potential fraudsters go to all the trouble of launching sophisticated VoIP exploits when even the most basic security has not been implemented? Security is the responsibility of each and every one of us, whether we are users, manufacturers, service providers or resellers.
The real question is how much has the industry moved on in the past two years, what measures have been taken and have the lessons been learned from this case by service providers and resellers alike?
The McAfee Virtual Criminology report references two specific VoIP threats, namely ‘vishing’ and ‘phreaking’. According to McAfee, fraudsters intend to exploit VoIP services to send voice messages to subscribers in a form of attack known as VoIP phishing or ‘vishing’. Although it is early days for this type of attack, there have already been at least two reported cases of vishing documented to date and both of these stemmed from criminals using social engineering methods over an IP network to steal personal information.
The term Phreaking, first came into use during the 70s in reference to telephone hacking, using the variety of tones to manipulate the exchange to make free calls. Modern day phreakers are using personal computers to hack the Softswitch directly with the same objective. However, the fact remains that it is still much simpler to use well known computer vulnerabilities to access the identity information needed to make free calls.
We should all be learning lessons from the past to avoid the ‘hack and patch’ cycle with network vulnerabilities being addressed on an ‘as needed’ basis. Service providers do appear to be more proactive these days with security questions ranking high on their agendas, but individuals lag behind in terms of awareness and proactivity. This leaves a huge opportunity for the channel to educate the market in order to avoid fraudsters circumventing the network and taking aim at subscribers and their poorly protected devices.
In order to improve security we need to address two major concerns – disruption and identity theft. While there is no single, allencompassing solution to these issues, increased security awareness and education is fundamental. Strong authentication and encryption will be key to protecting user confidentiality while increased complexity of passwords will further support any security measures. Encompassing all of these measures the network itself must be architected with multiple layers of defences built in, including the specialised protection offered by session border controllers.
There aren’t many of us out there today who would still leave the house with the front door unlocked when popping out for a few hours. More unlikely still is the idea of leaving the door wide open. Let’s get those doors closed and locked now. You’ve heard the saying an Englishman’s home is his castle, well, it’s about time his PC and his phone are too.
Latest posts by (see all)
- Mitel Appoints Graham Bevington as EVP and Chief Sales Officer - April 10, 2015
- Exertis is the New Name for Micro-P - October 24, 2013
- Imago Adds Single Chip DLP Projectors to Barco Deal - June 13, 2013