VoIP Hacking Pitfalls And Prevention

VoIP hacking is a new term that strikes fear into the hearts of many residential and corporate users thinking about upgrading from their existing traditional phone network and in some cases even dissuades them from doing so.

Thankfully, although talk of VoIP hacking goes back to 2004 and earlier, there are relatively few reports of it and it certainly does not compare to the levels of malicious use seen in the days of “blue boxing” and company PBX misuse.

In essence, VoIP becomes susceptible to hacking because in transferring analogue voice data into a digital form that is carried over the internet, some security firms say this is tantamount to gaining all the risks of computer data systems such as bugs, but also worms and viruses. Hackers already have their existing tools of the trade that they have owned for years, and can simply transfer these to the world of VoIP.

Types of VoIP Hacking

There are a number of types of such malicious use, all of which can be potentially very damaging:

Audio spam is a recently increasing form of abuse – we have all become accustomed to email spam and the same mechanisms that allow for distribution of spam to millions at a minimal cost also apply to the convergence of voice and data. Companies will have to get smart and combat such spam using complex filters.

Voice phishing is likely to increase. This is a form of social engineering where the person being called is convinced to hand over sensitive and confidential information. The ability to send out mass recordings over the internet via VoIP is likely to increase this type of malicious practice.

Caller ID spoofing is where the caller is able to pretend to be someone else, probably to obtain sensitive information from the person at the end of the line. Unless VoIP systems are made secure, this will otherwise likely be an easy to perform “hack”.

Call hijacking is the interception of a call intended for a particular party and relaying it to someone else. Again, this is likely to be used in conjunction with some form of social engineering.

Sometimes a hacker may simply wish to shut down a telephone network through brute force or denial of service attacks. For some companies, such disruption of business can cost millions of dollars. A disgruntled employee, for example, may try such an attack.

Wiretapping or phone tapping can be considered to be more simple to perform on a VoIP network. Because a hacker can access the system from afar via the internet, he need not jack directly in to the local phone network. Such compromising or sensitive information can be sold on by the criminal fraternity or even espionage carried out.

Worms and trojan horses can also use spoofing to disguise themselves within a voice packet. Once behind the corporate firewalls, they can wreak havoc on a company’s business critical systems.

How To Protect Yourself From VoIP Hacking

Whilst there are a number of risks from such practises above, minimizing the risk can enable you to obtain all the advantages of lower costs and valuable services. Most large companies are now considering migration to VoIP and have mitigated the risks by using advanced encryption and placing control of such systems to only a critical few persons.

Such measures can allow you to enjoy the benefits of VoIP in a secure operating environment with business risk being minimal and insignificant.

Christopher Buckley is owner of one of the internet’s largest VoIP resources.
To find out more about VoIP solutions, visit VoIP Digest

One thought on “VoIP Hacking Pitfalls And Prevention”

  1. From all voice over ip lines that I have established, I like VOIPO the preferred. The reason why for this is very good consumer support as well as consistency In addition, it cost much less then 10 per month which is not a poor value, considering that Vonage is almost $30 dollars. Unit installation was a really easy, but i had to reluctantly communicate support once to aid me open ports in firewall software.Anybody have Voipo services?

Leave a Reply

Your email address will not be published. Required fields are marked *