Listened to an interesting talk by Emmanuel Gadaix of the Telecom Security Task Force at the Bellua Cyber Security Asia 2005 conference in Jakarta. Emmanuel spoke of the security threats to mobile telephony, and while he pointed to the weakness of SS7 signalling — the part of mobile telephony where networks talk to one another — he feels the real threat will come from VoIP. Of Signaling System 7, Emmanuel says: “determined hackers could close down a whole country’s mobile phone network”.
But of VoIP he was more concerned. With many smaller vendors pushing out VoIP services into an already bustling market, vulnerabilities abound: “A lot are still at the beta stage,” he says, “so there will be problems.” And while he stressed that he had noticed that VoIP providers were more aware of security issues than their traditional counterparts, the threat was a significant one. “Full IP telephony will eventually happen,” he says. “And telcos must learn to prevent future threats. You will not be able to ignore them.”
The kind of threats: Denial of service or quality of service attacks, interception of voice traffic, injection of voice traffic (such as SPIT, or voice spam), anonymous and untraceable calls, etc. etc.