The world is not a safe place, and anyone who watches the news or checks Facebook (News - Alert) is aware that recently we’ve all become a little less safe thanks to the Heartbleed secure socket layer flaw that compromises Internet security.
Sometimes the ramifications of a security breach are relatively minor. My Wikipedia account was recently hacked, for instance, which means somebody can now change the definition of grilled cheese in my name and get away with it until I fix the breach.
But other security failures are much worse, such as when a voice-over-IP (VoIP) customer has his account compromised. A hacked VoIP account potentially opens the door for high charges from international calls. Just like a stolen bank account, a compromised VoIP account can be no fun.
Mobile VoIP poses a particular challenge for security. Unlike traditional VoIP, which is usually conducted through a relatively safe Internet connection, mobile VoIP is especially prone to hijacking since passwords and data is often sent over unsecured Internet connections. All it takes is a competent cyber criminal parked in a cyber café or eavesdropping on the network to potentially compromise a VoIP softswitch.
All VoIP accounts use passwords to ward off cyber crime, of course, but often that is not enough. As Heartbleed is showing, even a secure password is no guarantee that cybercriminals will be unable to access an account.
REVE Systems has an interesting solution, however; it offers an iTel Plus Security Device for its iTel Switch Plus softswitch. The device generates a one-time secondary password for the iTel softswitch, which allows there to be two layers of password authentication before a softswitch can be accessed.
This is not simply two passwords that can be compromised. Because the security device generates a new password each time, learning the secondary password doesn’t compromise security. A user needs both the softswitch password and the security device to gain access; one will not suffice without the other, ensuring that a stolen password or even a stolen security device is not enough.
As REVE advertises, the softswitch is safe even if the whole world knows a user’s password.
Now, if only we had a similar security device for all our Internet passwords. I don’t know about you, but this Heartbleed vulnerability is a real headache.