VoIP (voice over IP) infrastructures are generally not as secure as the networks they ride on, and they provide attackers with a weakest link in the chain to exploit as a back door to the rest of the network.
An article on the Web cites a report that states “McAfee found that the number of known VoIP vulnerabilities has grown from less than 20 in 2006 to almost 60 now.”
Compared with the volume and growth rate of more traditional threats like viruses, worms, botnets, phishing attacks, spyware, etc.- this statistic does not seem all that alarming or impressive. The difference, however, is that corporate IT departments have a solid handle on basic network security and the tools to detect and block those threats are a commoditized part of every day business. Not so much with VoIP.
Organizations deploying unified communications solutions, or even just implementing VoIP, need to be aware of the risks involved with combining voice and data networks and take the appropriate steps to make sure VoIP doesn’t become the path of least resistance for attackers to exploit their way into the network.