Report Suggests 70% Of VoIP Calls Vulnerable To Attack

Over the past few months there have been a number of reports and accusations about VoIP security, especially when used at remote call centers. Now a report [PDF] published by security firm Scanit suggests that up to 70% of all calls made via Voice over IP are susceptible to attack simply because call centers in particular have not instigated adequate security. If true, that is truly astounding.

In drawing up the report Scanit were given authority to audit data transfers at several call centers and rather worryingly they were able to decipher PIN numbers used to access telephone banking services among other valuable information. I say valuable on purpose because such information has a substantial price in the criminal underworld.

Scanit blamed several factors, one being poorly informed / trained system administrators who were either unaware that their VoIP system was insecure or were incapable of making it secure. During the audit Scanit also found that many of these busy call centers, handling your calls, were running a VoIP system without any encryption at all.

Easy access to software that can detect VoIP calls being made over a network then record them onto a hard drive as an MP3 was also cited as a major concern.

This is worrying because so many companies are outsourcing telesales and support to call centers with inept security and there is clearly a demand for information given to the operators. However, one must bear in mind that while the authors of the report claim to have “tested the most popular SIP routers” there is no information on how many routers they tested, how many call centers they monitored and for how long the audit was conducted. In other words, take this with a pinch of salt.

Nevertheless, the question of VoIP security is a valid one. So what do we as consumers do about this? I suppose there is only one thing for it, put pressure of those companies that use outsourced call centers to invest in and maintain a level of security.

Read more at The Reg where they have quotes from an interview with Scanit engineer Sheran Gunasekera.