Voice Over Ip Explained

Cisco VoIP phones vulnerable to hackers?

The HackLabs cracking demonstration formed part of a VoIP hacking workshop at the AusCERT security conference in Australia yesterday.

GSMK CryptoPhone , which organised the demo, says its aim was to show VoIP phones and corporate IP-driven telephony systems are at risk of having their communications intercepted and confidential information leaked.

The firm adds that its demonstration also illustrates how data on these VoIP systems can be vulnerable to popular hacking techniques.

According to Bjoern Rupp, the company's CEO, it also means that call data can be downloaded from the IP phone and VoIP conversations can be redirected, illegally recorded, or similarly manipulated.

VoIP phone systems, he claims, could turn on their users, hacked to become networked listening devices (infinity bugs), wiretapped remotely or silenced, so blacking out communications.

Businesses, says Rupp, have been putting themselves at risk by cutting corners with cheap VoIP phone technologies, neglecting the fact that modern IP phones are, in fact, specialised computers that need to be protected, just like laptops and desktops.

"This demonstration only highlights the need for comprehensive IT security policies and the 360-degree security that protects modern mobile and fixed-line phones against attacks from outside threats", he explained.

Rupp went on to say that, increasingly, phone fraudsters are being hired by rival businesses, getting insider information and critical data without ever being suspected.

"If sensitive information gets leaked, it can have disastrous financial consequences and damage business reputations", he said.

"With many corporate users having prioritised VoIP cost savings over essential communications security in the past two years, businesses should start addressing this problem now and ensure that they can protect their telephone systems and counter the threats to unencrypted voice communications", he added.

VoIP Security Threats Explained | Nuansa Blog

In a recent report issued by CompTIA, the Computer Technology Industry Association, 50% of small and medium sized businesses (SMBs) had very little trust in the security offered by VoIP vendors, or for that matter, voice over IP security in general.

It is true, having your voice and data running on the same infrastructure leaves your telecommunications particularly vulnerable to all the security threats inherent in an IP network. Viruses, Trojan Horses, and worms can all wreak havoc on a network, and having your voice network go down for even the shortest time is intolerable for most business.

That said, security has come a long way, and most attacks can be stopped at the gateway by a good network administrator. While attacks on VoIP networks in particular are by no means widespread, the possibilities are there, if not imminent, and pose a very real threat to the very time sensitive requirements of voice over IP.

The following is a compilation of just some of the security threats facing a voice over IP network, as well as some security measures that could be taken to prevent such attacks.

SPIT: The new Spam for VoIP

Most anybody that receives email is familiar with the term Spam. Who among us has not received dozens of unsolicited emails, clogging up our mailboxes and causing us to waste our valuable time? Laws have been made to reduce the clutter in our mailboxes, and major offenders have been fined heavily and in some cases put in jail.

Spam is basically the broadcasting of advertisements, announcements, or other unwanted messages, over a network or networks, ending up in the mail boxes of anyone that has an email address on that network. At worst, spam is frustrating for the recipient, and can also cause network problems utilizing a good majority of bandwidth that is meant for other things. As email applications are connectionless and not sensitive to time delay, eventually the recipient will receive their emails intact, albeit a few minutes later than it would normally take.

Spam over Internet telephony, otherwise known as SPIT, can have far greater consequences than email spam. Spitters that target VoIP gateways can use up the available bandwidth, severely disrupting Quality of Service and causing a major degradation in voice quality.

The open nature of VoIP phone calls makes it easy for spitters to broadcast audio commercials just as email advertisements are broadcast. On closed networks like Vonage or Skype, or even your companies LAN, it is a little more difficult as the spitter would have to hack into the network in order to implement the broadcast. It can, however, be done.

Voice over IP fundamentals

Voice over IP, systems and solutions

Carrier grade voice over IP

Hacking exposed VoIP, voice over IP security secrets & solutions

Understanding Voice Over IP Technology