Category: Security & Privacy
VoIP on the iPhone and iPod Touch - a security warning
At first sight, using any VoIP client on the iPhone or the iPod Touch (a.k.a. iDevices) may seem like an uninteresting thing. The reason for this is that Apple does not allow third-party applications to run in the background. So when a user closes down his iVoIP client he will not be able to receive any calls at all, thus defeating the reason for using VoIP on these devices in the first place.
However, if we take a look at some of the VoIP client offerings available, we notice that a few of these clients have the ability to receive incoming calls even when the software itself is not running.
At first sight this seems to be a Good Thing. However, there are severe security implications in doing this. Users will, in fact, willingly put themselves under a man-in-the-middle attack.
Your dial plan, the last line of defence - part 1
We all know the bad, ugly truth: Most people do not update their PBX software to handle the latest security vulnerabilities. As long as your PBX can receive incoming client connections you are at risk. Not because you have given your users weak user name / password combinations, but because your PBX has a security flaw you did not know about.
Common solutions
Let's face it: PBX security is not as sexy as operating systems or web security. When did you last read about a security flaw in a PBX product in the mainstream IT press? Compare this to any mention of an OS or web security hole.
There are a couple of things you can do to make your PBX installation as secure as possible. The most obvious one is to have a strong password regime. There are also those who believe that strong user names are the way to go. I will not deny that this is a bad thing per se, but it is not very user-friendly.
European legislation will force usage of encrypted VoIP
Last year Sweden effectuated a law giving the Powers That Be the right to listen in on all Internet traffic passing the border of the country. Sweden was just the first country to put such legislation into play. When I was visiting the CeBIT fair in Hannover earlier this year, I learned that Germany is also putting such legislation in place and that other EU countries will follow suit.
The really grave issue here is that the Powers That Be can monitor and intercept such traffic without needing a court order. Yes - you read this correctly. It is no joke.

28/09/09 06:43:43 pm,