Fortify Software warns firms to beware VoIP code risks

Application vulnerability specialist Fortify Software is warning manufacturers using VoIP private branch exchange (PBX) software to be aware that the program code in Internet telephony can make such systems vulnerable to hacker attacks.

The advice comes after an FBI announcement that users of the Asterisk VoIP PBX software should upgrade to the latest edition to avoid a security flaw that allows hackers to gain dial-through access on their telephone systems.

“The problem facing small business users of VoIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company’s broadband Internet connection, most firms’ IT security resources do not extend their complete protective envelope around the PBX platform,” explains Rob Rachwald, Fortify’s director of product marketing.

“This means that users who think their telephone system is covered by, for example, a firewall, can wake up with a nasty surprise on the phone bill front, after their PBX system has been compromised,” he adds.

According to Rachwald, many VoIP applications are either open source, freeware or shareware, meaning they have not usually undergone code auditing and program vulnerability analysis. Firms need to be aware of the risks involved and contact a security specialist now to see whether their software has been code verified, he counsels.