VoIP vulnerabilities
VoIP is vulnerable to similar types of attacks that Web connection and emails are prone to. VoIP attractiveness, because of its low fixed cost and numerous features, come with some risks that are well known to the developers an are constantly being addressed. But these risks are usually not mentioned to the business which is the most common target.[1]
VoIP also allows the use of fraud and shady practices that most people are not aware of. And while this practices are restricted by most providers, the possibility that someone is using them for their own gain still exists.
Vulnerabilities
Remote eavesdropping
Unencrypted connections lead to communication and security breaches. Hackers/trackers can eavesdrops on important or private conversations and extract valuable data. The overheard conversations might be sold to or used by competing businesses. The gathered intelligence can also be used as blackmail for personal gain.[2][3]
Network attacks
Attacks to the user network, or internet provider can disrupt or even cut the connection. Since VOIP is highly dependent on our internet connection, direct attacks on the internet connection, or provider, are highly effective way of attack. These kinds of attacks target office telephony, since mobile internet is harder to interrupt.[3] Also, mobile applications that do not rely on internet connection to make VOIP calls[4] are immune to such attacks.
Default security settings
Hardphones (a.k.a. VoIP phones) are smart devices. They are more of a computer than a phone, and as such they need to be well configured. In some cases, Chinese manufacturers are using default passwords for each of the manufactured devices which leads to vulnerabilities.[5]
VOIP over WiFi
While VoIP is relatively secure, it still needs a source of internet, which in most cases is a WIFI network. And while a home/office WIFI can be relatively secure, using public or shared networks will further compromise the connection.[6]
VOIP exploits
VoIP spam
VoIp has its own spam called SPIT (Spam over Internet Telephony). Using the unlimited extensions provided by VOIP PBX capabilities, the spammer can constantly harass his target from different numbers. The process is not hard to automate and can fill the targets voice mail with notifications. The caller can make calls often enough to block the target from getting important incoming calls. This practice can be costly to the caller and is rarely used other than for marketing needs.[7]
VoIP phishing
VOIP users can change their Caller ID (a.k.a. Caller ID spoofing), allowing caller to represent himself as relative, colleague, or part of the family, in order to extract information, money or benefits from the target.[8]
See also
- Comparison of VoIP software
- INVITE of Death
- List of VoIP companies
- Mobile communications over IP - Mobile VoIP
- Voice over WLAN - VoIP over a WiFi network
References
- Securing VoIP Networks book by Peter Thermos, Ari Takanen, ISBN 978-0-321-43734-1
- Unencrypted VoIP poses security threat
- Security Advisories by Asterisk
- Pindo - Mobile VoIP without internet connection
- Researchers Find VoIP Phones Vulnerable to Simple Cyberattacks
- VoIP Threats And Vulnerabilities #6
- Top VoIP vulnerabilities
- The Vulnerabilities of VoIP