A key expectation for both our daily business and personal telephone calls is confidence in the privacy of these conversations. Whether we are discussing a sensitive business transaction, our own health or finances, or just matters private to our families, we rely on the confidentiality of the telephone system to ensure this information does not leak into the public domain or fall into the hands of malicious individuals.
With traditional telephone networks. someone wishing to listen or seriously breach the confidentiality of the network usually requires physical access to transmission lines or network systems. In contrast, on the Internet, the idea of a connection is markedly different. As the Internet is a truly global network, an individual may be able to listen to or copy the communications of a poorly secured VoIP system without a need for physical access.
Eavesdropping
In VoIP architecture, voice communications are passed around the Internet as ‘packets’ of data. Experienced attackers may be able to gain access to this transmitted data and make sense of its contents if they are unencrypted. As a result, conversations via VoIP are considered more susceptible to eavesdropping than traditional telephony systems.
Collecting of User and Use Information
It is possible for network structure information and call patterns to be traced via traffic analysis. As VoIP devices need to be in a position to accept connections (ie. telephone calls) attackers may be able to identify these devices on your network and monitor the calls via software built to tap into VoIP calls (e.g. SIPtap). By doing so, attackers can gain valuable information about your organisation’s physical setup, work processes, client and supplier contact information.
Unauthorised Voicemail Access
Many VoIP systems now provide a voicemail function similar to that available with standard telephony services. This voicemail function may also allow for a breach of confidentiality. As with any computer program, there is the possibility that the contents of such a system are accessible through unauthorised methods. In the same way that attackers have used worms and malware to gain unauthorised access to e-mail inboxes over recent years when poor protection is applied, VoIP voicemail systems are similarly at risk. It should be noted however that IP Voicemail can be more secure than traditional voicemail systems with the aid of encryption and access controls.