VoIP Security Threats Explained
It is true: having your voice and data running on the same infrastructure leaves your telecommunications particularly vulnerable to all the security threats inherent in an IP network. Viruses, Trojan horses, and worms can all wreak havoc on a network, and having your voice network go down for even the shortest time is intolerable for most businesses.
That said, security has come a long way, and most attacks can be stopped at the gateway by a good network administrator. While attacks on VoIP networks in particular are by no means widespread, the possibilities are there, if not imminent, and pose a very real threat to the very time sensitive requirements of voice over IP.
The following is a compilation of just some of the security threats facing a voice over IP network, as well as some security measures that could be taken to prevent such attacks.
SPIT - The new Spam for VoIP
Most anybody that receives email is familiar with the term Spam. Who among us has not received dozens of unsolicited emails, clogging up our mailboxes and causing us to waste our valuable time? Laws have been made to reduce the clutter in our mailboxes, and major offenders have been fined heavily, in some cases put in jail.
Spam is basically the broadcasting of advertisements, announcements, or other unwanted messages over a network or networks, ending up in the mailboxes of anyone that has an email address on that network. At worst, spam is frustrating for the recipient, and can also cause network problems by using up a good majority of the bandwidth that is meant for other things. As email applications are connectionless and not sensitive to time delay, the recipient will eventually receive their emails intact, albeit a few minutes later than it would normally take.
Spam over Internet telephony, otherwise known as SPIT, can have far greater consequences than email spam. Spitters that target VoIP gateways can use up the available bandwidth, severely disrupting Quality of Service and causing a major degradation in voice quality.
The open nature of VoIP phone calls makes it easy for spitters to broadcast audio commercials just as email advertisements are broadcast. On closed networks like Vonage or Skype, or even your company's LAN, it is a little more difficult, as the spitter would have to hack into the network in order to implement the broadcast. It can, however, be done.
The ability to broadcast audio messages over a VoIP network is not, in itself, necessarily a bad thing. Companies should be able to get out important messages quickly, and on a broader scope, emergency services could easily communicate mandatory evacuations, or warn of impending disasters in the event of catastrophe.
While SPIT is certainly a technical possibility, to date we have not seen a lot of it. In 2004, the peer-to-peer VoIP network Skype got hacked into, and users were inundated with unsolicited audio messages. Shortly thereafter, Skype found and closed the loophole in the network. One other legal recourse is to get on the national Do Not Call list, to prevent solicitors from bombarding your voice mail box.
Eavesdropping
Probably one of the scariest vulnerabilities of VoIP is the ability of an outsider to eavesdrop on a private conversation. This concept is nothing new to IP data networks: it generally requires a packet analyzer to intercept IP packets and, in the case of VoIP, to save the data as an audio file. Hackers then have the ability to learn user IDs and passwords, or worse, to gain knowledge of confidential business information.
While it is true that eavesdropping occurs on traditional telephone lines as well as cellular networks, for someone to tap into your home phone line pretty much requires a physical presence outside your house. In the case of an IP network, a hacker requires only a laptop, some readily available software, and the knowledge of how to hack into your network.
Security analysts have long used encryption techniques to protect the confidentiality of data traveling through an IP network, and the same concept holds true for voice packets. The challenge with voice is to encrypt both strongly and quickly, so as to protect confidentiality without slowing down the packet flow.
Nevertheless, if someone really wants to listen in on your calls, no type of telecommunication is 100% secure.
Phishing the Waters of Voice over IP
Another variation of an email attack, Phishing is designed to trick a user into revealing sensitive data such as user names, passwords, bank accounts, credit cards, and even social security numbers. In the case of VoIP, the attack could come as a voice mail message urging you to call a designated number and provide your user information. Even if the call is automated, touch tones can be easily deciphered. Depending on what information they get, hackers can use it to access bank accounts, or to steal identities.
While you can program a PBX to restrict call backs to known phishers, as more users become familiar with the pitfalls of the Internet, it becomes common knowledge to never give out sensitive information to automated media, be it via data or voice.
SIP Registration Hijacking
The Session Initiation Protocol (SIP) is becoming widely accepted as the method for setting up VoIP phone calls. The process involves a Registrar (in some cases the company PBX itself), which maintains a database of all users subscribed to the network, and basically maps their telephone number to an IP address.
Registration hijacking occurs when the packet header of either party is intercepted by a hacker, who substitutes his IP address for that of the legitimate one. Attacks can take the form of fraudulent toll free calls, denial of service attacks that can render the user's device useless, or a simple diversion of communication.
Spoofing
Another hack that is well known in data networks is spoofing. Also known as a man in the middle attack, spoofing requires hacking into a network and intercepting packets being sent between two parties. Once the IP address or phone number of the trusted host is discovered, hackers can use this attack to misdirect communications, modify data, or in the case of Caller ID Spoofing, transfer cash from a stolen credit card number.
SIP registration hijacking is a form of spoofing. Both of these spoofs, as well as other hacks such as eavesdropping, can be prevented by employing encryption techniques at the call set up phase. Today, the up and coming mechanism to achieve this is to send SIP messages over an encrypted Transport Layer Security channel. Putting these two protocols together forms the acronym SIPS.
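A registrar-side check for the two points above, written as an added example rather than code from the original article: it parses REGISTER requests, flags any that did not arrive over TLS, and flags an address-of-record whose Contact binding moves to a different host. The domain, extensions, addresses, and the function names `make_register`, `parse_register` and `audit` are assumptions, and the parser assumes long-form header names with a single Contact.

```python
import re

def make_register(aor, host, transport):
    return (f"REGISTER sip:example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} {host}:5060;branch=z9hG4bK776\r\n"
            f"To: <sip:{aor}>\r\n"
            f"From: <sip:{aor}>;tag=1928\r\n"
            f"Contact: <sip:{aor.split('@')[0]}@{host}:5060>\r\n\r\n")

def parse_register(raw):
    """Return (address-of-record, Contact host, transport) of a REGISTER."""
    lines = raw.split("\r\n")
    if not lines[0].startswith("REGISTER "):
        return None
    hdr = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        hdr[name.strip().lower()] = value.strip()
    aor = re.search(r"sips?:([^>;]+)", hdr["to"]).group(1)
    host = re.search(r"sips?:(?:[^@>]+@)?([^:;>]+)", hdr["contact"]).group(1)
    transport = hdr["via"].split()[0].rsplit("/", 1)[-1].upper()
    return aor, host, transport

def audit(messages):
    """Flag cleartext registrations and bindings that move to a new host."""
    bindings, alerts = {}, []
    for raw in messages:
        parsed = parse_register(raw)
        if parsed is None:
            continue
        aor, host, transport = parsed
        if transport != "TLS":
            alerts.append((aor, "cleartext-register", host))
        previous = bindings.get(aor)
        if previous is not None and previous != host:
            # A lead to review, not proof: DHCP renewals also move bindings.
            alerts.append((aor, "binding-moved", f"{previous}->{host}"))
        bindings[aor] = host
    return alerts

# Constructed traffic; addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    make_register("1001@example.com", "192.0.2.10", "TLS"),
    make_register("1002@example.com", "192.0.2.20", "TLS"),
    make_register("1001@example.com", "192.0.2.10", "TLS"),    # routine refresh
    make_register("1001@example.com", "203.0.113.66", "UDP"),  # binding replaced
]
```

Calling `audit(SAMPLE)` returns two alerts for extension 1001: the cleartext registration and the binding that moved from 192.0.2.10 to 203.0.113.66.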
There is no doubt that IP networks can be, and are, hacked into. Since a converged network consists of data and voice, VoIP is as vulnerable as any application to these disruptions, but with a downtime tolerance of no more than 5 minutes a year, such interruptions are considered intolerable for voice applications.
As of today, most of these security threats are not widespread, and are presented here as a "what could happen in the future" scenario. Industry experts agree that as voice over Internet telephony becomes more widespread, malicious hacking attempts are bound to follow.
These and other VoIP security threats can be prevented by a vigilant network staff, using all the known security precautions typical of an IP network. No VoIP solution is secure out of the box; each must be locked down using common sense approaches, including but not limited to changing default passwords, closing down unused ports and services, utilizing firewalls and VPNs for network communications, and diligent intrusion detection.
Author Michael Talbert is a certified systems engineer and web designer with over 7 years experience in the industry. For more information on VoIP Telecommunications, visit the website VoIP-Facts.net, or the VoIP Facts Blog for up to date industry news and commentary.