Tuesday, March 20, 2007

VoIP Telephony Part 3: The Downside and Security Flaws of VoIP Telephony

VoIP Telephony Part 3 of 3

In the last two weeks I talked about VoIP telephony, and all its advantages (lower prices, portability, etc), but there is a reason it hasn’t caught on like wildfire, and why you’re not scrambling to get it for yourself.

The beauty of VoIP service is that it runs like “another program” through your computer, or through a gateway if you use an IP phone. This beauty is also where the problem lies. Using a telephone service over the Internet will expose you to all the Internet security issues currently floating around the cyber world. A comparison used a lot is between Broadband Phone and emails. Emails are sent through the Internet and are vulnerable to anyone trying to exploit security holes. As with emails, VoIP telephone calls can be attacked by a hacker so that the attacker can gain access to your computer, personal information, and system access.

Spamming can occur, or DoS (Denial of Service) maybe sent to the system network. DoS can wreak havoc to businesses, especially ones that aren’t equipped with security features that protect against security exploits. A network can be shut down and phone lines, which are part of the network in this case, will be out of service until the network can be restored to working order.

Eavesdropping is also a possible problem. The problem may be worse than eavesdropping on a standard telephone line. With VoIP telephone, a hacker can gain access to more than one telephone line once the network is broken into. Through the use of the right tools and programs, a hacker can use their laptop and tap into anyone’s VoIP conversations by redirecting their IP packets to their computer. This may lead to more compromising situations like intercepting phone calls containing sensitive information with a bank, or even rerouting a genuine call to a bank so that the hacker can easily impersonate the bank. A form of “phishing” can happen in this case. A popular form of “phishing” is with PayPal. Emails are sent to unsuspecting users asking for login information or credit card information. The emails look legitimate and gullible users will pretty much “hand” over severely damaging information over to these Internet thieves. With an IP phone number, hackers can make cheaper calls (one of the upsides remember?) to the correct numbers, and sucker in the owner of the number with similar phishing tactics as the PayPal scheme.

There are ways to help minimize the threat through the use of firewalls or encryption of VoIP traffic through a VPN Service. you can minimize the more common security threats VoIP and emails share. Microsoft had to release many patches to secure their Outlook program, which still suffers from constant security issues. You can expect ITSP and networking companies to start putting in as much work as Microsoft did, and maybe more, to secure their services. If not, then you can expect them to receive similar flak, and I’m sure that’s a problem the service providers would like to avoid.

Aside from security issues, VoIP telephone service has some drawbacks in general use. Heavy Internet traffic on specific networks, or loss of data packets can cause a loss of parts of conversations, or just drop them completely. I mentioned before that making 911 calls can be troublesome because your location is difficult to locate over the Internet. Because you’re difficult to locate, your call will have trouble being connected to your nearest emergency call center for help. I also mentioned that “e911” is a solution in the works, but it’s still not standard.

Regardless of its current disadvantages, VoIP is still steadily growing rapidly. The problems I addressed, as well as the ones I haven’t, are being pressed out and solved as we speak. Companies like Cisco Systems, Avaya, Nortel, Siemens are putting a lot of their resources into this security, as they know a lot of money is to be made in this growing tool online. I don’t blame them; VoIP telephone service is looking like a possible “next big thing” waiting to catch fire, once consumers catch on to it. As far as I know, there haven’t been any major attacks towards VoIP providers or VoIP customers, but it’s pretty safe to bet that the network companies I mentioned are working to keep it that way. The cost cutting benefits of VoIP telephoning is hard to overlook. It’s not without its flaws, but like everything else, it can only improve and come with more options. Bring on the patches and updates!