VoIP vulnerabilities increasing, but not exploits

The threats against voice over IP (VoIP) are numerous and seem to be growing, but the technology probably won't suffer crippling attacks in 2008.

The potential danger is very real. VoIP is susceptible to the many exploits that networks generally are heir to -- denial of service, buffer overflows and more. VoIP PBXs are servers on corporate networks and are only as secure as the networks themselves.

In addition, there are many voice-specific attacks and threats. These have been chronicled by researchers and vendors intending to alert users and suggest ways to guard against them.

For instance, two protocols widely used in VoIP -- H.323 and Inter Asterisk eXchange -- have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network. Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.