The demand for VoIP (Voice over Internet Protocol) continues to grow as companies and organizations of all sizes seek to enjoy the cost and integration benefits associated with VoIP solutions. Those benefits can quickly disappear, however, when security risks become damaging realities.
As highlighted in this
GOVPRO report, businesses and government agencies have done well to protect their phones by ensuring the lines are secure when in use. An equally significant threat has been ignored, however. The phones must also be protected when not in use. Believe it or not, a phone on the hook can be used as a listening device by those well versed in the art of hacking.
The on-hook phones and even cables attached to the phones can be turned into listening devices with the right sophistication in hacking. Unscrupulous individuals can detect minute electrical signals generated by common materials through natural microphonic characteristics. These objects tend to vibrate when normal room conversations are taking place, and can transmit audio signals, making the conversation public.
To demonstrate this risk in unprotected VoIP solutions, Teo researchers recovered intelligible human voices from the standard phone equipment within a test office connected to Cat 5 Ethernet cables. The company, a provider of commercial, government and military-grade communications technologies, tested the risk on off-the-shelf equipment with no modifications.
Phones leveraging VoIP solutions without the right protections in place put a company or a government organization at risk. This reality was demonstrated last year when HackLabs was able to attack Cisco (News
- Alert) VoIP phones. While this initiative was simply a demonstration, it highlighted the need for TSG-6 certified devices, particularly in environments where high security is critical.
To enjoy VoIP solutions and still protect the organization,
Teo offers a suite of TSG-6 certified solutions. The National Telecommunications Security Working Group (NTSWG) certifies devices that can prevent eavesdropping threats posted by nearly all equipment that has not been approved by the organization. To meet its requirements, phones must have positive-disconnect circuitry and ultra low-emissions technology, preventing the production of microphonic audio signals.
Teo offers its TSG-6 secure ISDN phones, VoIP phones and standalone NT1. The company’s TSG-6 IP phones will work with all VoIP solutions platforms that support industry-standard SIP protocol, and meet the requirements specified in the Committee on National Security Systems (CNSS) Instruction No. 5000 and 5001.
The risks inherent in any technology connected to the Internet won’t go away in the near future, especially as hackers improve their skills. The key for the organization seeking to protect its information and its users is to install the equipment necessary to ensure “listening in” is never an option.
Edited by Jamie Epstein