Not one, two, or even a dozen. Nope. Canadian lab VoIPshield says it has identified more than 100 security vulnerabilities in VoIP systems sold by Avaya, Cisco and Nortel that hackers can exploit.
 
"The limited number of high-profile attacks against IP telephony has lulled most chief information security officers and voice/data managers into a false sense of security, with the result that most do not have adequate protection for their converged networks," said Lawrence Orans, research director for networking and communications equipment at Gartner Research. "As IP telephony continues to gain momentum, targeted attacks--and possibly broad-based attacks--will surface and gain greater visibility, highlighting vulnerabilities and the overall lack of focus on IP telephony security."
 
Last week, research firm In-Stat released a report saying enterprise VoIP security was lax [1]; while 80 percent of companies said they'd deployed some type of VoIP solution, more than 40 percent don't have security options in place.
 
For more on how enterprise VoIP is vulnerable:
- Read the New York Times story [2]
- Read the release [3] 
- And, check out the list of vulnerabilities [4] 

Related articles:
Enterprise VoIP security [5] iffy at best
UC security [6] is an urgent priority