Voice over Internet Protocol (VoIP) has been widely deployed since the integration of the voice and data networks reduces management effort and cost. Since VoIP shares the same infrastructure with a traditional data network, it inherits all security problems from data network. Furthermore, VoIP also has its own security problems coming from new protocols and network components. Here are a few security issues now associated with VOIP:
1. Vishing - Vishing is another word for VoIP Phishing, which involves a party calling you faking a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
2. Viruses and Malware – VoIP utilization involving softphones and software are vulnerable to worms, viruses, and malware, just like any Internet application. Running on user systems like PCs and PDAs exposes softphone applications to malicious code attacks in voice applications.
3. Denial of Service (DOS) - In VoIP, DoS attacks flood a target with unnecessary SIP call-signaling messages, thereby degrading the service. This causes calls to drop prematurely and halts call processing.
4. Man-in-the-Middle Attacks - VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.
5. Spamming over Internet Telephony (SPIT) - Every VoIP account has an associated IP address. It is easy for spammers to send their messages (voicemails) to thousands of IP addresses. Voice mailing, as a result, will suffer. Spamming clogs voicemails and more space, as well as better voicemail management tools, become necessary. Spam messages can carry viruses and spyware along with them, as well.