Is your phone secure enough?

Many people fail to recognize the security risks associated with Internet-connected, or Voice over Internet Protocol (VoIP), phones — and there are many. While most government agencies and businesses have protected their phones by securing lines when in use, an equally significant threat has been largely overlooked: protecting phones while not in use. What many organizations don’t know is that someone can listen in on what you think is a closed-door conversation by using a phone as a listening device, even while it’s on the hook.

Sophisticated hackers can detect minute electrical signals generated by the natural microphonic characteristics of common materials to turn on-hook telephones and even phone cables into listening devices, without any modification to the off-the-shelf equipment. These objects vibrate in the presence of normal room conversations and can actually transmit audio signals, making your conversation vulnerable to eavesdropping. In fact, researchers from Teo, a provider of government, commercial and military-grade communications technologies, were able to easily recover intelligible human voices from standard phone equipment connected to Cat 5 Ethernet cables.

The demonstration of attacks on Cisco’s VoIP phones last year by HackLabs underscores the security risks associated with Internet-connected phones. Although the demonstration was just that – and not a serious security breach – it sheds light on the need for TSG-6 certified devices, particularly in highly secure environments.

Fortunately, there’s a solution to this high-risk problem. Devices that are TSG-6 certified by the National Telecommunications Security Working Group (NTSWG) prevent this eavesdropping threat posed by almost all unapproved equipment. To meet TSG requirements, positive-disconnect circuitry and ultra low-emissions technology in phones ensure that no microphonic audio signals are produced on any wires leaving the phone when it’s on-hook, reducing the security risk of privileged conversations being intercepted.

Teo offers a suite of TSG-6 certified solutions for secure communications, including TSG-6 secure VoIP phones, TSG-6 secure ISDN phones and a TSG-6 secure standalone NT1. The company has designed its TSG-6 IP phones to work with all VoIP platforms that support industry-standard SIP protocol. The company’s TSG-6 IP phones meet the requirements specified in the Committee on National Security Systems (CNSS) Instruction No. 5000 and 5001, and have been tested for compliance and approved by the NTSWG.

Teo has provided telecommunications equipment to organizations such as the Pentagon and the CIA. It was the first manufacturer to receive TSG-6 certification for an IP phone and was also the first to receive CNSS Class A certification for a PoE-enabled phone.

With certified equipment, government and commercial organizations can remain secure on or off-hook. Address the risk today to protect your organization from tomorrow’s threat.

About the Author:

Thomas M. Beck is the director of marketing and business development at Teo, a Seattle-based telecommunications company with more than 30 years of experience providing solutions to the public and private sectors. In his current role, he manages strategic business development, marketing, advertising, PR and partner relationships.