At the 19th edition of Black Hat USA, the most important gathering of the information security (InfoSec) community, experts agreed that more should be done to address the vulnerabilities related to Voice over Internet Protocol (VoIP) technologies.
Despite its ominous name, the Black Hat USA conference is not for bad guys; however, nefarious practices and how to protect against them are discussed. VoIP was a major topic this year; a renowned security firm talked about how the attack surface is increasing due to the interest in unified communications (UC).
InfoSec specialists describe the totality of system weaknesses as the attack surface. UC systems blend voice, chat, email, social media, and all other communications into a single platform. Due to the nature of these communication methods, the UC attack surface is significant.
Some of the common VoIP and UC threats reviewed at the conference include: caller ID spoofing, malicious messages, distributed denial of service (DDOS) attacks, toll fraud, and others. The attack vectors are usually poorly configured SIP trunks, phishing on instant messaging networks, social engineering through customer service channels, and more.
UC technology is at the heart of the VoIP strategy for business; in Apple Valley, Victorville and across the High Desert, Sonic IT Systems routinely installs UC systems for local companies. When installing UC systems and making them part of a business network, our technicians make sure that each known vulnerability is addressed.