Has Your VoIP Been Hacked?

More companies are turning to Voice over Internet Protocol (VoIP) as their phone service. I can see why – it saves money on what is typically a major expense.

By  Sue Poremba | Feb 4, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Ainsley Jones discusses how more companies are turning to Voice over Internet Protocol (VoIP) as their phone service. I can see why – it saves money on what is typically a major expense.

However, news of a hacker pleading guilty to making over $1 million by selling VoIP minutes and routing them through telecommunications companies is a good reminder that, like anything that involves the Internet and communications, VoIP comes with security risks.

A white paper from McAfee Labs stated that in 2006, there were less than 20 vulnerabilities in VoIP. That number has tripled in the past three years.

McAfee lists a number of security issues with VoIP that range from protocol-level attacks like eavesdropping:


"Eavesdropping attacks can occur because the media transport protocol that carries the conversation lacks encryption in many default configurations. This is the case when using RTP as the media transport layer. For a superior solution, you should use secure RTP (SRTP), which provides both encryption and authentication”

to application-level attacks like vishing:

"We have long verified personal information by phone, and we're generally accustomed to trusting that the callers are who they claim to be. With traditional phone calls we can often track a caller to a physical location and we often rely on caller ID to provide identification. With VoIP these safeguards are gone. Calls can come from anywhere on the Internet and the caller-ID verification can easily be spoofed. Cybercriminals are now exploiting this anonymity using ”vishing” techniques, the combination of VoIP and caller-ID spoofing. Much like phishing, a vishing attack often looks like a financial institution that is asking for personal information such as credit card and social security numbers. We have seen reports of a few of these attacks. In one recent example an email appeared to be from a bank and offered a local VoIP number for contact. Because the number was local, it added legitimacy to the email. With caller IDs so easily spoofed and VoIP numbers so easily created, we anticipate there will be many more of this type of social engineering attack.”

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >