Upload
brooke-griffin
View
25
Download
1
Embed Size (px)
DESCRIPTION
Is there any Security with Voice Mail?. By Melanie Feder ECE478 Dr. Koc May 31, 2002. Voice Mail Intruders? Just ask. Carly Fiorina of Hewlett Packard what she said led to a law suit and trial Reliable Consulting Firm lost customers due to messages intercepted Successful hacker - PowerPoint PPT Presentation
Citation preview
Is there any Security with Voice Mail?
By Melanie FederECE478 Dr. KocMay 31, 2002
Voice Mail Intruders? Just ask...• Carly Fiorina of Hewlett Packard
– what she said led to a law suit and trial
• Reliable Consulting Firm– lost customers due to messages
intercepted
• Successful hacker– created infinite loops through voice
mail systems
Security and Privacy
• Privacy doesn’t exist- messages are archived even when deleted
• Most systems are not secure (Not confidential)
• Be Careful!
Password Vulnerabilities• Major Problem: Easy to Break
Passwords– usually 4-6 numbers in length out of 10
possible– passwords chosen usually easy to
remember– factory passwords not changed
PBX Vulnerabilities Examples• Can tap into maintenance ports• Remote access by nature• Usually helped maintained by
contractors• Software upgrades can lead to
vulnerabilities
Laws Surrounding Security
• Uncharted territory• Conflicting Laws
– 1968 Wiretap Act– 1986 Electronic communications
Privacy Act
• 33 states have their own laws, but can’t keep up with technology
Measures to Curb Break-Ins• Lock up the PBX Center at all
Times• Educate employees about
passwords• Disconnect unused outlets, LAN
connections, etc.• Monitoring (spying?)• Encryption...
Cryptography for Voice Mail?• Not widely used yet…• Public/ private key encryption
– PKI and CA for public keys– PGP– S/MIME– Digital voice encryptor/decryptor
Disadvantages
• Delays in throughput• Voice clarity if use encryption
results in reduced bandwidth• Expense
Conclusion
• Voice mail systems are very vulnerable
• Many cases exist to date of voice mail intrusions
• Laws are waffling about legality and privacy vs. security
• Security technology has not kept pace with hackers