Fortify warns of VoIP PBX security risk

Application vulnerability specialist, Fortify Software, has warned companies using VoIP private branch exchange (PBX) software that they are vulnerable to hacker attacks.

The complex program code used in Internet telephony software makes it an easy target for hackers, said Fortify.

Fortify’s warning comes days after the FBI told users of Asterisk VOIP PBX software to upgrade to the latest edition.

A security flaw in older versions of Asterisk allows hackers to dial through to users’ telephone systems.

In addition, many VoIP applications are developed as open source, freeware, or shareware, meaning that they have not usually been subject to security checks on their code.

Rob Rachwald, Fortify’s director of product marketing, said: “The problem facing small business users of VOIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company’s broadband Internet connection, most firms’ IT security resources do not extend their complete protective envelope around the PBX platform.

“This means that users of VOIP PBX systems who think their telephone system is covered by, for example, a firewall application, can wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised.”

ONe solution is to install PBX software onto a specialist diskless service. This increases security, and boosts call quality and reliability.

Story link: Fortify warns of VoIP PBX security risk