VoIP vulnerabilities

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

VoIP is vulnerable to similar types of attacks that Web connection and emails are prone to. VoIP attractiveness, because of its low fixed cost and numerous features, come with some risks that are well known to the developers an are constantly being addressed. But these risks are usually not mentioned to the business which is the most common target.[1]

VoIP also allows the use of fraud and shady practices that most people are not aware of. And while this practices are restricted by most providers, the possibility that someone is using them for his own gain still exists.

Vulnerabilities[edit]

Remote eavesdropping[edit]

Unencrypted connections lead to communication and security breaches. Hackers/trackers can eavesdrops on important or private conversations and extract valuable data. The overheard conversations might be sold to or used by competing businesses. The gathered intelligence can also be used as blackmail for personal gain.[2][3]

Network attacks[edit]

Attacks to the user network, or internet provider can disrupt or even cut the connection. Since VOIP is highly dependent on our internet connection, direct attacks on the internet connection, or provider, are highly effective way of attack. This kind of attacks are targeting office telephony, since mobile internet is harder to interrupt.[3] Also mobile applications not relying on internet connection to make VOIP calls.[4] are immune to such attacks.

Default security settings[edit]

Hardphones (a.k.a. VoIP phone) are smart devices, they are more a computer than a phone, and as such they need to be well configured. The Chinese manufacturers, in some cases are using default passwords for each of the manufactured devices leading to vulnerabilities.[5]

VOIP over WiFi[edit]

VoIP even while VoIP is relatively secure in 2017, it still needs a source of internet, which in most cases is WIFI network. And while a home/office WIFI can be relatively secure, using public or shared networks will further compromise the connection.[6]

VOIP exploits[edit]

VoIP spam[edit]

Voip has its own spam called SPIT (Spam over Internet Telephony). Using the unlimited extensions provided by VOIP PBX capabilities, the spammer can constantly harass his target from different numbers. The process is not hard to automate and can fill the targets voice mail with notifications. The caller can make calls often enough to block the target from getting important incoming calls. This practices can cost a lot to the caller and are rarely used for other than marketing needs.[7]

VoIP phishing[edit]

VOIP users can change their Caller ID (a.k.a. Caller ID spoofing), allowing caller to represent himself as relative, colleague, or part of the family, in order to extract information, money or benefits form the target.[8]

See also[edit]

References[edit]