If Google trends are any indication, VOIP security is no longer the buzz word it once was. The initial hysteria can be attributed to the fear of the unknown and adapting to new and unconventional technologies. But with VoIP going mainstream, companies and individual consumers are more comfortable with the technology, and their fears about security are subsiding. However, despite this greater comfort, VoIP is still not totally secure.    

There are a number of security threats relating to VOIP, such as SIP Vulnerability, SPIT, vishing, eavesdropping, and Denial of Service (DOS), the latter of which took down Twitter today. Since VoIP runs on an IP network, it shares some threats and vulnerabilities with other Internet applications, which are addressed by the security precautions in the present network environment. 

As for VoIP-specific security concerns, it has not been an attractive market for hackers for a while. Except for some stray incidents, we have not seen any major breach of VoIP networks. Part of this is due to the complexity involved in creating applications to hack VoIP networks, and part has to do with the changing VoIP product landscape. 

VoIP has transformed into the bigger, more converged product base of Unified Communications. The convergence of unified messaging and communicator segments such as IM, presence, IP telephony, video conferencing, call control and speech control are shifting the security paradigm and creating a new combination of issues.  However, the initial buzz around VoIP security helped companies to be well prepared and address most basic security concerns. In addition, security is addressed at multiple stages of the product chain. For example, GIPS addresses the security of its products at the “engine” level, while companies like Citrix, Avaya and Yahoo re-address it at the end product level.

So in the short term, as new communications products evolve and gain traction, we will most likely not see a lot of VoIP security break-ins.  However, the danger lies down the road, possibly as far off as the next decade.  At this point, current products will be mature and commonplace across enterprise and consumer premises, essentially becoming legacy systems.  This will attract more attention from the hacking world with specific VoIP attacks.  Though UC companies will address some of these security issues in each subsequent product release, the general attitude of the enterprise world will be one of lethargy towards upgrading to the newer installed communications infrastructure.  This will make old versions of products easy targets for hackers, resulting in very real threats in the long run.