In a blast of the obvious today:
Security industry watchers say organizations need to take a layered approach to VOIP security.
In more obvious statements:
"For example, IP phones run operating systems and supporting software that make them susceptible to the same types of viruses, worms and malware that plague other computing devices," Fodale said. "As such, businesses will need to regularly assess vulnerabilities and deploy required patches and updates on this equipment."
I know that security folks need to "scare" up business and so talk about potential threats but VoIP security just the same as network security needs a measured approach based on simple good practices. These include physical, network and application layer security approaches, all that have been around for long time.
VoIP security is also based on measured and appropriate security. By that I means security should be appropriate for the level of activity that needs to be secured. For example, I talk to my folks a lot on my VoIP phones. If some hacker wants to listen to my conversations with my mum, knock yourself out!!!. For business and sensitive information there are other avenues that are more secure (although it is clear that cellphones are completely hackable). It is up to people to make the right approach for the right job, and not get hung up on potential threats:
However, he (Paul Wood) added, VOIP security threats remain largely theoretical, as hackers and cyber-thieves tend to focus their efforts on e-mail.
The Leader in Network Knowledge
VoIP attacks not theoretical
You can find several real-world VoIP hacking incidences catelogued at http://www.sipera.com/index.php?action=resources,vulnerabilities_list