VoIP Hopping: A Method of Testing VoIP security or Voice VLANs

by Jason Ostrom, John Kindervag
Sept. 15, 2017 1 comment Symantec Management

We have found that there is a relatively low awareness throughout corporate America as to the various risks posed by Converged VoIP solutions. In a converged VoIP deployment, a single Ethernet cable provides both the phone service and the computer connection. As most IP Phones have an Ethernet jack on the back to plug in the computer, this provides the enterprise cost savings on both cabling and moves/adds/changes. However, this same functionality can open up new security holes in the network. Our primary concern is gaining privileged access through publicly accessible IP phones, such as those found in lobbies, hotel rooms, and conference rooms. There is a possibility for unauthorized users to get to places that don’t belong on the network and it is important for those deploying VoIP technology to understand the risks.


Steven Ulm 8 months ago

Not sure if there is a 100% working VoIP security solution. The method is good to try though...