VOIP more secure than PSTN
Despite the genuine possibilities of attack, some experts say that VOIP is more secure than the traditional public switched telephone network (PSTN).
"The VOIP system is much more secure than traditional systems," says Ari Takanen, founder and CTO of Codenomicon, which makes software security-testing tools. Speaking at the recent VON Europe 2007 conference, he acknowledged VOIP vulnerabilities, but said they were not insurmountable. "IP systems are more exposed, but you have more security that you can install," he says. "If you don't use it -- that's stupid."
Cullen Jennings, a distinguished engineer at Cisco's VOIP group, who also spoke at the conference, notes that PSTN caller ID is easily spoofed, and toll fraud via traditional PBXs is still common.
Jennings says PSTN reliability -- the availability of dial tone nearly all the time -- is one highly touted measure of the quality of service. But that does not mean the PSTN is invulnerable or even better than VOIP. "I'm not claiming the PSTN does not meet its [reliability] goals," he says, but that has no bearing on whether, for example, caller ID can be spoofed. "If the core network went down doesn't matter if the threat was to caller ID," he says.
The top threats to VOIP listed by the VON panel were:
- Zero day problems for which vendors have not yet issued a fix.
- Security not being turned on because it is too complex.
- Vendor-specific vulnerabilities that are not addressed by best practices.
Ultimately businesses will not turn their backs on VOIP because they are worried about security, says Akif Arsoy, a VOIP product manager for Verisign. They will adopt it for integrated voice and data in a converged network. "End users make decisions on what am I getting with VOIP that I'm not getting today with traditional voice?" Arsoy says.
Even so, expect more VOIP exploits to emerge over the near-term, says Thermos, who says he has already identified more signaling protocol weaknesses and implementation vulnerabilities. "We're just touching on the beginnings of many exploits that will be coming down the road," he says.