Security flaws put VoIP systems at risk

The disclosure this week of critical vulnerabilities in voice-over-IP products from several major vendors shows why companies need to pay close attention to security when deploying IP telephony technologies, analysts said.

The flaws were discovered by Britain’s National Infrastructure Security Co-ordination Centre using a test suite designed by a group of researchers at the University of Oulu in Finland. The flaws exist in VoIP products that support the H.323 protocol, which is used to exchange audio and video communications.

Products sold by Microsoft Corp., Cisco Systems Inc. and Nortel Networks Ltd. are among the affected software, and the risks to users include denial-of-service attacks and malicious hackers taking control of systems, according to an advisory issued by Internet Security Systems Inc. (ISS).

Neel Mehta, a security researcher at Atlanta-based ISS, said the vulnerabilities are the result of coding errors in individual H.323 implementations. The flaws in Cisco’s Internetworking Operating System (IOS) software present the biggest concern because of its widespread use in Internet routers, Mehta said.

In its own advisory, Cisco said all products that run IOS and support H.323 packet processing are affected by the flaws. Several other IP telephony products are at risk, even though they don’t run IOS, the company added. Cisco released patches for all of the affected devices.

Microsoft warned users that the H.323 filter in its Internet Security and Acceleration Server 2000 software is vulnerable and gave the flaw a “critical” severity rating. Attackers could use the security hole to take complete control of compromised systems, said Microsoft, which also released software patches.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now