70% VoIP call centres unsecured and Open to attack

VoIP data could be hacked because call centres are not doing enough to secure their networks, according to new research. Research by IT security company Scanit found that most installations do not have strong security controls in place, according to one of the company's engineers, Sheran Gunasekera. The company found that 70 per cent of VoIP calls are unsecured and exploitable by hackers.

"The reason for this has been the fact that the system integrator or implementer had not paid much attention to the security of the entire setup," said Gunasekera.

He said it was possible for an employee of the organisation to intercept voice conversations and re-route calls outside of the firm's network. According to Sheran, a high percentage of installations he has audited had no encryption on the voice stream.

'The most common reason in large companies is because no-one understood how to secure the system. Staff lacked adequate skills and understanding of the security aspects of the implementation itself. They relied on the vendor or system integrator to set the whole system up," he said.

When a user first starts up a VoIP session, it looks for a SIP Registrar - comparable to a traditional telephone exchange - to register and identify itself on the internet, via an IP Address, and to show the user is now contactable.