Unified communications is a set of multi-faceted technologies that have been integrated to interoperate with one another, and so there are a lot of different security concerns relative to the type of technology and how it connects with all of the other technologies, said Jonathan Edwards, analyst for unified communications and enterprise communications infrastructure at IDC. However, moving to an IP world means there are real-time security threats that didn’t exist before.
A lot of applications in the unified communications space have social software elements, and a big concern is what users are doing in social media that businesses can’t secure. They don’t want lock social media down, but at the same time, businesses can’t let the inmates run the asylum, Edwards said. Apps like FaceTime harden and secure social networking sites.
Businesses are less worried about malware when it comes to their unified communications technologies and more concerned about ensuring they adhere to compliance regulations. Because UC apps access the public Internet, there are concerns about letting sensitive data leak out.
Although IT has to give workers’ consumer devices access to the corporate infrastructure, there are more and more consumer devices in the workplace that are connecting to corporate data. New devices show up every day, and somehow IT has to manage and secure all of them that connect to unified communications.
As like any other type of application, unified communications applications have code vulnerabilities that hackers can exploit. Hackers are using those exploits for monetary gain.
"The attacks have been anywhere from the traditional security attacks like denial-of-service attacks to SIP scan attacks," said Amitava Mukherjee, president and CEO of RedShift Networks.
Port scan attacks continue to be a big problem. Hackers use them to probe for vulnerabilities in unified communications deployments that they can later exploit for their own gain.
Spam attacks over IP telephony (SPIT attacks) and robo-calling have become much easier to do in the IP-enabled voice world, Mukherjee said. SPIT attacks are where every phone in the company starts ringing, and when someone picks up the line, it’s an advertisement. Such spam attacks are becoming increasingly common.
Another type of attack that has become easier in the IP-enabled world is eavesdropping, whether it’s listening in on voice streams or capturing video streams, Mukherjee said. Hackers use sniffers to collect the packets from the communications streams to listen in on conversations. "That’s rampant right now," he said.
Connected to eavesdropping attacks, conversation alteration is starting to take place, where hackers are able to access voice packets and change what people are actually saying. "Those are tremendous attacks that are actually happening today," Mukherjee said.
Hackers break into major carrier or VoIP provider services to make free phone calls on the IP network. However, it’s not only hackers doing this, Mukherjee said. Individuals or businesses trying to get around paying for their services are also engaging in the practice, which is costing service providers millions of dollars per year.
RedShift Networks has identified more than 34,000 threats to unified communications in the wild.
"What’s interesting is these attacks are happening and a lot of these companies aren’t aware of it because a lot of the devices out there don’t detect these kinds of attacks," Mukherjee said.