Unified Communications: Click to talk

Nov 14 2008   2:29PM GMT

VoIPshield Finds Flaws With Microsoft UC

Tony Bradley Tony Bradley Profile: Tony Bradley

VoIPshield, a VoIP security solutions company based in Ottawa, Canada, recently discovered vulnerabilities affecting the RTP (Real-time Transport Protocol), a standard data format used for delivery of audio and instant messaging packets over the Internet. Microsoft Office Communications Server 2007, Microsoft Office Communicator, and Microsoft Windows Live Messenger.

This excerpt from the VoIPshield press release explains the issue further:  “Most of the attention in enterprise VoIP/UC security has been paid to the control channel, where SIP and other signalling protocols are used,” said Ken Kousky, CEO of security research and analysis firm IP3 and advisor to the VoIP Lab at Illinois Institute of Technology. “Until now, the media stream has been largely ignored by the security community as a source of malicious activity.  But attacks from these vectors have the potential to be dangerously persistent and widespread.”

There are an estimated 250 million computers running at least one of these applications. If exploited, the discovered vulnerabilities could result in a DoS (denial-of-service) attack that impacts not just the affected application, but the entire computer system. VoIPshield’s research and disclosure are specific to the Microsoft products mentioned, but they note that these same protocols are used elsewhere and that other VoIP and communications applications are likely impacted by similar vulnerabilities in the media delivery channel.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: