Press News

US warns on risks of net-based telephony - Security alert could herald rethink on new system

Budapest, February 8, 2005

The US government has issued a strong warning about the security risks associated with Internet-based telephony, one of the fastest-growing communications technologies. Published in Financial Times by Simon London.

Internet-based telephony - known as voice over Internet protocol, or VoIP - promises lower costs and greater flexibility by using existing data networks.
But a report by the National Institute of Standards and Technology, which develops technology guidelines for US government agencies, warns of the "inherent vulnerabilities" of VoIP such as calls breaking up and exposure to eavesdropping.
"VoIP systems can be expected to be more vulnerable than conventional telephone systems, in part because they are tied in to the data network, resulting in additional security weaknesses and avenues of attack".
The warning from Nist is likely to prompt some companies and agencies to reassess plans for adopting the technology.
According to Gartner, the market research group, US companies spent $2.3bn (1.76bn EUR) on VoIP-capable telephone systems last year, compared with $1.5bn on traditional equipment. By 2007 Gartner expects 97 per cent of new corporate phone systems installed in North America to be pure VoIP or hybrids.
The consumer market is also expanding rapidly. The Telecommunications Industry Association predicts that 26m US households will have VoIP by 2008, up from about 1m today.
While the technology proliferates, the government is concerned managers do not fully grasp the security implications.
In its report this week Nist says a main source of confusion "is the (natural) assumption that, because digitised voice travels in packets just like other data, existing network architectures and tools can be used without change". It warns: "VoIP adds a number of complications to existing network technology and these problems are magnified by security considerations".
Firewalls and intrusion detection systems used to protect data networks often interfere with voice calls by delaying information as it travels across the network. This leads to calls breaking up or being dropped. In addition, firewalls are no defence against internal hackers.
Unless calls are encrypted, anyone with physical access to an organisation’s local area network can attach monitoring equipment and tap into calls. While this is in theory possible with traditional telephone networks, access to switching equipment is easier to control.
Nist’s report, signed by Donald Evans, commerce secretary, warns agencies that essential telephone services, "unless carefully planned, deployed and maintained, will be at greater risk if based on VoIP" because the Internet is in general less reliable than the public switched telephone network.
Noting that "an especially challenging security environment is created when new technologies are deployed", Nist recommends using separate voice and data networks when feasible.