voip privacy april 2007. ©2007 broadsoft®, inc. proprietary and confidential; do not copy,...
TRANSCRIPT
VoIP Privacy
April 2007
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
2
About BroadSoft
MarketLeader MarketLeader
VoIP Application Software
VoIP Application Software
Partner ofChoice
Partner ofChoice
• Founded in 1998• Commercially Deployed 5+ years• Profitable
• 250+ Fixed & Mobile Service Providers• 7 of top 10 (and 13 of the top 25) global
carriers
• Leading IMS Vendors• E.g., Ericsson, Lucent• 5 of top 6 TEMs OEM BroadWorks
• Hosted PBX / IP Centrex
• Bus. Trunking• Residential Broadband• Mobile PBX• Voice and Multimedia
Most Deployments
Most Deployments
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
3
7 of top 10 and 13 of top 25 global carriers7 of top 10 and 13 of top 25 global carriers
Leading Global Customer Base
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
4
What is VoIP?
• Consumer– Voice Over the Internet
• Vonage, Skype etc
• Business– IP based PBX systems– IP Centrex Systems
• Switching occurs in the service provider network
Internet
IP Network
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
5
Significant Global VoIP Subscriber Growth
Source: Ovum & Infonetics, 2006
0
15
30
45
60
75
90
105
120
135
150
165
Su
bsc
ribe
rs (
M)
2005 2006 2007 2008 2009
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
6
Current VoIP Privacy Issues
• Normal Data Attacks– DoS Attacks on data networks brings down all
applications including data– Open source PBX’s have known buffer
vulnerabilities
• SIP Vulnerabilities– Registration hijacking– Message tampering– Session tear-down– VoIP targeted DoS attack
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
7
Current VoIP Privacy Issues
• SPIT (Span over Internet Telephony)– Imagine your voice mail being filled up with
Viagra adverts?– Huge potential for issues– Not many real world instances
• Vishing – Phishing using telephony– VoIP lowers the cost of Vishing – Small scale today– Already attacks on Paypal
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
8
Current VoIP Privacy Issues
• VoIP Hacking– One instance of brute force hacking in 2006– $1M fraud: Offender behind bars
• Eavesdropping– Man in the middle attacks– Similar techniques already in place by security
services for Lawful Intercept
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
9
And Lastly……Stealing Minutes
• Phreakers– Phreakers break into gateways to steal minutes– 200M mins/month stolen worth an estimated
$26M/month*– Transport networks now moving to private
connectivity to avoid Phreakers
* Source Stealth Communications
©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute
10
Current State of Play
• All the afore mentioned problems have either been solved or are close to being solved by session boarder controllers
– Also addressed in IMS
• Service providers are implementing or have implemented security systems
• Businesses building their own VoIP networks will have to be extremely careful about implementation