VoIP Hacking Pitfalls And Prevention
VoIP hacking is a new term that strikes fear into the hearts of many residential and corporate users thinking about upgrading from their existing traditional phone network and in some cases even dissuades them from doing so.
Thankfully, although talk of VoIP hacking goes back to 2004 and earlier, there are relatively few reports of it and it certainly does not compare to the levels of malicious use seen in the days of “blue boxing” and company PBX misuse.
In essence, VoIP becomes susceptible to hacking because in transferring analogue voice data into a digital form that is carried over the internet, some security firms say this is tantamount to gaining all the risks of computer data systems such as bugs, but also worms and viruses. Hackers already have their existing tools of the trade that they have owned for years, and can simply transfer these to the world of VoIP.
Types of VoIP Hacking
There are a number of types of such malicious use, all of which can be potentially very damaging:
Audio spam is a recently increasing form of abuse – we have all become accustomed to email spam and the same mechanisms that allow for distribution of spam to millions at a minimal cost also apply to the convergence of voice and data. Companies will have to get smart and combat such spam using complex filters.
Voice phishing is likely to increase. This is a form of social engineering where the person being called is convinced to hand over sensitive and confidential information. The ability to send out mass recordings over the internet via VoIP is likely to increase this type of malicious practice.
Caller ID spoofing is where the caller is able to pretend to be someone else, probably to obtain sensitive information from the person at the end of the line. Unless VoIP systems are made secure, this will otherwise likely be an easy to perform “hack”.
Call hijacking is the interception of a call intended for a particular party and relaying it to someone else. Again, this is likely to be used in conjunction with some form of social engineering.
Sometimes a hacker may simply wish to shut down a telephone network through brute force or denial of service attacks. For some companies, such disruption of business can cost millions of dollars. A disgruntled employee, for example, may try such an attack.
Wiretapping or phone tapping can be considered to be more simple to perform on a VoIP network. Because a hacker can access the system from afar via the internet, he need not jack directly in to the local phone network. Such compromising or sensitive information can be sold on by the criminal fraternity or even espionage carried out.
Worms and trojan horses can also use spoofing to disguise themselves within a voice packet. Once behind the corporate firewalls, they can wreak havoc on a company’s business critical systems.
How To Protect Yourself From VoIP Hacking
Whilst there are a number of risks from such practises above, minimizing the risk can enable you to obtain all the advantages of lower costs and valuable services. Most large companies are now considering migration to VoIP and have mitigated the risks by using advanced encryption and placing control of such systems to only a critical few persons.
Such measures can allow you to enjoy the benefits of VoIP in a secure operating environment with business risk being minimal and insignificant.
To find out more about VoIP solutions, visit VoIP Digest
2 Comments
Imran Malik
04.06.2010
Impressive piece of information, let me elaborate more on VoIP. Voice over Internet Protocol has been around since many years. But due to lack of sufficient and affordable bandwidth it was not possible to carry carrier grade voice over Internet Protocol. But since the arrival of low cost internet bandwidth and new speech codecs such as G.729, G.723 which utilizes very low payload to carry carrier class voice it has recently been possible to leverage the true benefits of VoIP. G.723 codec utilizes only 6 Kbps (Kilo Bytes/sec) which is capable of maintaining a constant stream of data between peers and deliver carrier grade voice quality. Lets put this way if you have 8 Mbps internet connection, by using G.723 codec you can run upto 100 telephone lines with crystal clear and carrier grade voice quality. I am also a user of VoIP and have setup a small PBX at home. Since I have discovered VoIP I have never used traditional PSTN service.
Dear readers, if you have not yet tried VoIP I suggest that you try VoIP technology and I bet you will never want to use the traditional PSTN phone service ever again. VoIP has far more superior features to offer which traditional PSTN sadly cannot offer.
Also It has recently been possile to carry Video alongwith VoIP by using low payload video codecs. I cannot resist to tell you that by using T.38 passthrough and disabling VAD VoIP can carry FAX transmission, but beaware FAX T.38 passthrough will only work when using wide band protocols such as G.711, a-Law and u-Law.
By using ATA (Analog Telephone Adapter) which converts VoIP signals into traditional PSTN you can also using Dial-up modems to connect to various dialup services. I wont go in to the details what VoIP can offer, to cut my story short VoIP is a must to have product for every business and individual.
How VoIP Works
When we make a VoIP call, a communication channel is established between caller and called party over IP (Internet Protocol) which runs on top of computer data networks. A telephony conversation that takes place over VoIP are converted into binary data packets streams in real time and transmitted over data network, when these data packets arrive at the destination these are again converted into standard telephony conversation. This whole process of voice conversion into data, transmission and data conversion into back voice conversation takes place within less than few milliseconds. That is how a VoIP is call is transmitted over data networks. I hope that now you understand basics of how a VoIP call takes place.
What are speech codec’s and what role codec plays in VoIP?
Speech codec play a vital role in VoIP and codec determines the quality and cost of the call. Let me explain you what exactly VoIP codec’s are and how they work. You may have heard about data compression, or probably you have heard about air compressor which compresses a volume of air in enclosed container, VoIP codec’s are no different than a air compressor. Speech codec’s compresses voice into data packets and decompresses it upon arrival at destination. Some VoIP codec’s can compress huge amount of voice while maintaining QoS which means use this type of codec will cost less because it will consume just a fraction of data network. Some codec’s are just not capable of encoding huge amount of voice they simply consume huge amount of data networks bandwidth hence the cost goes up.
Following is a list of VoIP codec’s along with how much data network bandwidth they consume.
* AMR Codec
* BroadVoice Codec 16Kbps narrowband, and 32Kbps wideband
* GIPS Family – 13.3 Kbps and up
* GSM – 13 Kbps (full rate), 20ms frame size
* iLBC – 15Kbps,20ms frame size: 13.3 Kbps, 30ms frame size
* ITU G.711 – 64 Kbps, sample-based Also known as alaw/ulaw
* ITU G.722 – 48/56/64 Kbps ADPCM 7Khz audio bandwidth
* ITU G.722.1 – 24/32 Kbps 7Khz audio bandwidth (based on Polycom’s SIREN codec)
* ITU G.722.1C – 32 Kbps, a Polycom extension, 14Khz audio bandwidth
* ITU G.722.2 – 6.6Kbps to 23.85Kbps. Also known as AMR-WB. CELP 7Khz audio bandwidth
* ITU G.723.1 – 5.3/6.3 Kbps, 30ms frame size
* ITU G.726 – 16/24/32/40 Kbps
* ITU G.728 – 16 Kbps
* ITU G.729 – 8 Kbps, 10ms frame size
* Speex – 2.15 to 44.2 Kbps
* LPC10 – 2.5 Kbps
* DoD CELP – 4.8 Kbps
Switch to VoIP Today and you will never want to use traditional PSTN ever again.
Thanks
-Imran
Bianca Hiester
01.13.2011
From all voice over ip lines that I have established, I like VOIPO the preferred. The reason why for this is very good consumer support as well as consistency In addition, it cost much less then 10 per month which is not a poor value, considering that Vonage is almost $30 dollars. Unit installation was a really easy, but i had to reluctantly communicate support once to aid me open ports in firewall software.Anybody have Voipo services?
There are no trackbacks to display at this time.