VoIP vulnerabilities
VoIP is vulnerable to similar types of attacks that Web connection and emails are prone to. VoIP attractiveness, because of its low fixed cost and numerous features, come with some risks that are well known to the developers an are constantly being addressed. But these risks are usually not mentioned to the business which is the most common target.[1]
VoIP also allows the use of fraud and shady practices that most people are not aware of. And while this practices are restricted by most providers, the possibility that someone is using them for his own gain still exists.
Vulnerabilities
Remote eavesdropping
Unencrypted connections lead to communication and security breaches. Hackers/trackers can eavesdrops on important or private conversations and extract valuable data. The overheard conversations might be sold to or used by competing businesses. The gathered intelligence can also be used as blackmail for personal gain.[2][3]
Network attacks
Attacks to the user network, or internet provider can disrupt or even cut the connection. Since VOIP is highly dependent on our internet connection, direct attacks on the internet connection, or provider, are highly effective way of attack. This kind of attacks are targeting office telephony, since mobile internet is harder to interrupt.[3] Also mobile applications not relying on internet connection to make VOIP calls.[4] are immune to such attacks.
Default security settings
Hardphones (a.k.a. VoIP phone) are smart devices, they are more a computer than a phone, and as such they need to be well configured. The Chinese manufacturers, in some cases are using default passwords for each of the manufactured devices leading to vulnerabilities.[5]
VOIP over WiFi
VoIP even while VoIP is relatively secure in 2017, it still needs a source of internet, which in most cases is WIFI network. And while a home/office WIFI can be relatively secure, using public or shared networks will further compromise the connection. [6]
VOIP exploits
VoIP spam
Voip has its own spam called SPIT (Spam over Internet Telephony). Using the unlimited extensions provided by VOIP PBX capabilities, the spammer can constantly harass his target from different numbers. The process is not hard to automize and can fill the targets voice mail with notifications. The caller can make calls often enough to block the target from getting important incoming calls. This practices can cost a lot to the caller and are rarely used for other than marketing needs. [7]
VoIP phishing
VOIP users can change their Caller ID (a.k.a. Caller ID spoofing), allowing caller to represent himself as relative, work colleague, or part of the family, in order to extract information, money or benefits form the target.[8]
See also
- MoIP - Mobile VoIP
- Vowlan — VoIP over a Wi-Fi network
- Comparison of VoIP software
- INVITE of Death
- List of VoIP companies
References
- ↑ Securing VoIP Networks book by Peter Thermos, Ari Takanen, ISBN 978-0-321-43734-1
- ↑ Unencrypted VoIP poses security threat
- 1 2 Security Advisories by Asterisk
- ↑ Pindo - Mobile VoIP without internet connection
- ↑ Researchers Find VoIP Phones Vulnerable to Simple Cyberattacks
- ↑ VoIP Threats And Vulnerabilities #6
- ↑ Top VoIP vulnerabilities
- ↑ The Vulnerabilities of VoIP