VoIP Privacy

April 2007

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

2

About BroadSoft

MarketLeader MarketLeader

VoIP Application Software

VoIP Application Software

Partner ofChoice

Partner ofChoice

• Founded in 1998• Commercially Deployed 5+ years• Profitable

• 250+ Fixed & Mobile Service Providers• 7 of top 10 (and 13 of the top 25) global

carriers

• Leading IMS Vendors• E.g., Ericsson, Lucent• 5 of top 6 TEMs OEM BroadWorks

• Hosted PBX / IP Centrex

• Bus. Trunking• Residential Broadband• Mobile PBX• Voice and Multimedia

Most Deployments

Most Deployments

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

3

7 of top 10 and 13 of top 25 global carriers7 of top 10 and 13 of top 25 global carriers

Leading Global Customer Base

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

4

What is VoIP?

• Consumer– Voice Over the Internet

• Vonage, Skype etc

• Business– IP based PBX systems– IP Centrex Systems

• Switching occurs in the service provider network

Internet

IP Network

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

5

Significant Global VoIP Subscriber Growth

Source: Ovum & Infonetics, 2006

0

15

30

45

60

75

90

105

120

135

150

165

Su

bsc

ribe

rs (

M)

2005 2006 2007 2008 2009

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

6

Current VoIP Privacy Issues

• Normal Data Attacks– DoS Attacks on data networks brings down all

applications including data– Open source PBX’s have known buffer

vulnerabilities

• SIP Vulnerabilities– Registration hijacking– Message tampering– Session tear-down– VoIP targeted DoS attack

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

7

Current VoIP Privacy Issues

• SPIT (Span over Internet Telephony)– Imagine your voice mail being filled up with

Viagra adverts?– Huge potential for issues– Not many real world instances

• Vishing – Phishing using telephony– VoIP lowers the cost of Vishing – Small scale today– Already attacks on Paypal

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

8

Current VoIP Privacy Issues

• VoIP Hacking– One instance of brute force hacking in 2006– $1M fraud: Offender behind bars

• Eavesdropping– Man in the middle attacks– Similar techniques already in place by security

services for Lawful Intercept

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

9

And Lastly……Stealing Minutes

• Phreakers– Phreakers break into gateways to steal minutes– 200M mins/month stolen worth an estimated

$26M/month*– Transport networks now moving to private

connectivity to avoid Phreakers

* Source Stealth Communications

©2007 BroadSoft®, Inc. Proprietary and Confidential; Do Not Copy, Duplicate, or Distribute

10

Current State of Play

• All the afore mentioned problems have either been solved or are close to being solved by session boarder controllers

– Also addressed in IMS

• Service providers are implementing or have implemented security systems

• Businesses building their own VoIP networks will have to be extremely careful about implementation