ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Communications

VoIP Toolkit

VoIP: Paying the price for cheap calls

Tags:
VoIP

Cath Everett ZDNet.co.uk

Published: 08 Aug 2005 17:10 BST

On the other hand, Williams feels that some of the FUD spread by suppliers with vested interests are both counter-productive and excessive.

"One of the marketing tools that security companies have used is Fud, which has been useful for shifting security solutions. But the problem is that if you go too far, you put people off," he says. Rogier Mol, senior analyst of European IP telephony at IDC, meanwhile, believes that potential security risks around the technology vary according to how it is used. "At the moment, security risks for VoIP and IP telephony aren't high. This is predominantly because most implementations aren't exposed to the Internet right now and most organisations use the technology for internal calls, which is just the same as sending your data internally around the network," he says.

But by 2007, as this situation starts to change and the use of the SIP addresses for IP phones becomes more widespread, leading to their inclusion on collateral such as business cards, so the risks are likely to increase proportionately.

"Using VoIP and SIP over the publicly accessible Internet is inherently more insecure than using a PSTN line, which is based on more proprietary equipment and doesn't go out over the Net. This means that traffic is potentially more open to abuse," says IDC's Mol.

But he agrees with Gartner that the idea of voice traffic being intercepted by a third party is "a bit over-hyped". "It's a theoretical risk, but not very likely because it's difficult to do. If you're on the same internal network, it would be easier as you have to plug into the network and collect voice packets, but you'd still have to put them back together to decipher them," says Mol.

But despite some hype there are concrete examples of VoIP systems being tampered with. Datamonitor analyst Williams recalled an incident where a router was hacked and the perpetrators re-programmed it to insert swear words into conversations going over the line, a scenario that could have potentially damaging consequences for the business concerned.

"While it's only been a one off so far, if people are able to hack into a router and insert things, they'll have the same ability to hack in and copy information, which amounts to a potential confidentiality risk," he says.