IT professionals can add VoIP to the growing list of security threats they need to
monitor. Security firm WatchGuard Technologies
detailed seven leading threats to Voice over IP
services in a release this week. While they aren’t all new, they stand to become higher
profile as the bad guys seek to exploit VoIP’s increased popularity.
“Some of these are tested and true blue data hacks that have been around for a while,
and now there’s a lucrative new field for hackers and criminals to go after on the VoIP
side,” WatchGuard spokesman Chris McKie told InternetNews.com. “The bad guys are
going to go where the money is.”
WatchGuard says recent reports predict as much as 75 percent of corporate phone lines
will be using VoIP in the next two years. By the end of this year, the total number of
VoIP subscribers worldwide (residential and commercial) is expected to reach nearly 100
Heading WatchGuard’s list are Denial of Service (DoS) attacks,
similar to those made to data networks. VoIP DoS attacks leverage the same tactic of
running multiple packet streams, such as call requests and registrations, to the point
where VoIP services fail.
According to WatchGuard, these attacks often target SIP (Session Initiation Protocol)
extensions and ultimately exhaust VoIP server resources, causing busy
signals or disconnects.
Spam over Internet Telephony (SPIT). Like unwanted e-mail, SPIT can be generated in a
similar way with botnets that target millions of VoIP users from compromised systems.
Like junk mail, SPIT messages can slow system performance, clog voicemail boxes and
inhibit user productivity.
VoIP is also potentially vulnerable to Directory Harvesting attacks. These occur when
attackers attempt to find valid VoIP addresses by conducting “brute force” attacks on a
When a hacker sends thousands of VoIP addresses to a particular VoIP domain, most of
the VoIP addresses will “bounce back” as invalid, says WatchGuard. But from those that
are not returned, the hacker can identify valid VoIP addresses.
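The "bounce" pattern described above is also what gives a sweep away to defenders. The following detector is an added example, not WatchGuard's code; the event tuple layout, the thresholds and the sample addresses are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, source IP, SIP method, target user, response code).
# One source walks extensions 1000-1007; only 1003 exists, so the rest "bounce" with 404.
SAMPLE_EVENTS = [
    (1000 + i, "198.51.100.7", "OPTIONS", str(1000 + i), 200 if i == 3 else 404)
    for i in range(8)
] + [
    (1002, "192.0.2.10", "REGISTER", "1003", 401),  # normal auth challenge
    (1003, "192.0.2.10", "REGISTER", "1003", 200),  # normal successful register
    (1010, "192.0.2.11", "INVITE", "1999", 404),    # a single misdial, not a sweep
]


def find_harvesters(events, window=60, min_targets=5, min_invalid_ratio=0.8):
    """Map each sweeping source IP to the users it learned are valid.

    A source is flagged when, inside any `window` seconds, it addressed at
    least `min_targets` distinct users and at least `min_invalid_ratio` of
    them answered 404 Not Found. Thresholds are illustrative assumptions.
    """
    by_src = defaultdict(list)
    for ts, src, _method, user, code in events:
        by_src[src].append((ts, user, code))

    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            span = rows[start:end + 1]
            targets = {user for _, user, _ in span}
            invalid = {user for _, user, code in span if code == 404}
            if len(targets) >= min_targets and len(invalid) / len(targets) >= min_invalid_ratio:
                # Report every user this source saw a non-404 answer for:
                # those are the addresses now exposed to SPIT or vishing.
                findings[src] = sorted({u for _, u, c in rows if c != 404})
                break
    return findings


if __name__ == "__main__":
    print(find_harvesters(SAMPLE_EVENTS))
```

The returned list of exposed users tells the operator which extensions to watch for follow-on abuse after blocking the source.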
By harvesting the VoIP user directory, the hacker now gains a new list of VoIP
subscribers that can be new targets to other VoIP threats, such as SPIT or vishing
The trick works by spamming users and luring them to call their bank or service
provider to verify account information. Once valid user information is given, criminals
are free to sell this data to others, or in many cases, directly siphon funds from credit
cards or bank accounts.
Along with its competitors, WatchGuard offers its own set of solutions, including
wired and wireless unified threat management appliances. “What we’re saying is that a
business that already has VoIP in place or is planning to add it, should be aware that
the same hacks on the data networks can be exploited on a VoIP network,” said McKie.
“Some companies already have the firewalls in place, but some don’t so it’s important to
make sure your investment is protected.”
Article courtesy of InternetNews.com
Getting a jump on the bad guys
Analyst Michael Dortch agreed the threat to VoIP services should be a key IT
“Users and network operators need to begin taking steps to protect their VoIP deployments
and resources, such as directory databases, now, so they can try to get a jump on the bad
guys when they start trying to figure out how to steal and automatically process actual
VoIP conversation streams,” Dortch, principal analyst at DortchOnIT, said in an e-mail to
“As voice and data streams increasingly converge, and businesses increasingly rely on IT
to do business, the business criticality of digital voice and data grows significantly,”
continued Dortch. “When building and implementing their data security architectures,
users and network operators alike must ensure that no data is left behind to minimize
operational and reputational risks.”
Another threat on WatchGuard’s list relates to Dortch’s conversation-stealing comments.
Like data packets, voice packets are subject to man-in-the-middle attacks where a hacker
spoofs the MAC address of two parties, and forces VoIP packets to flow through the
By doing so, the hacker can then reassemble voice packets and literally listen in to
real-time conversations. From this type of attack, which WatchGuard calls eavesdropping,
hackers can also grab all sorts of sensitive data and information, such as user names,
passwords, and VoIP system information.
Rounding out WatchGuard’s threat list are Voice Service Theft and Registration
VoIP service theft can happen when an unauthorized user gains access to a VoIP network,
usually by way of a valid user name and password, or gains physical access to a VoIP
device, and initiates outbound calls. Often, these are international phone calls that take
advantage of VoIP’s toll bypass capabilities.
A SIP registration hijack works by a hacker disabling a valid user’s SIP registration,
and replacing it with the hacker’s IP address instead. This allows the hacker to then
intercept incoming calls and reroute, replay or terminate calls as they wish.
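A registrar-side check for the remove-then-replace sequence described above, as an added example that is not from WatchGuard or the article. The event fields, the 30-second window and all addresses are assumptions, the REGISTER records are constructed, and a roaming user can trigger the same alert, so it is a heuristic.

```python
# Constructed REGISTER records: (epoch seconds, address-of-record, source IP, Contact IP, Expires).
# Expires == 0 means the request removes the binding for that address-of-record.
SAMPLE_REGISTERS = [
    (100, "sip:alice@example.test", "192.0.2.20", "192.0.2.20", 3600),
    (110, "sip:bob@example.test", "192.0.2.21", "192.0.2.21", 3600),
    (400, "sip:alice@example.test", "192.0.2.20", "192.0.2.20", 3600),    # routine refresh
    (500, "sip:alice@example.test", "203.0.113.9", "192.0.2.20", 0),      # binding removed
    (502, "sip:alice@example.test", "203.0.113.9", "203.0.113.9", 3600),  # replaced
    (600, "sip:bob@example.test", "192.0.2.21", "192.0.2.21", 0),         # bob logs off
    (9000, "sip:bob@example.test", "192.0.2.21", "192.0.2.21", 3600),     # back later, same IP
]


def detect_registration_hijack(registers, window=30):
    """Return (timestamp, aor, old_contact, new_contact, source) alerts.

    An alert fires when an address-of-record gets a Contact IP different
    from the one it had, either directly or within `window` seconds of
    that earlier binding being removed.
    """
    bindings = {}  # aor -> Contact IP currently registered
    removed = {}   # aor -> (removal time, Contact IP that was removed)
    alerts = []
    for ts, aor, src, contact, expires in sorted(registers):
        if expires == 0:
            if aor in bindings:
                removed[aor] = (ts, bindings.pop(aor))
            continue
        previous = bindings.get(aor)
        if previous is None and aor in removed:
            removed_at, removed_contact = removed[aor]
            if ts - removed_at <= window:
                previous = removed_contact  # replacement right after removal
        if previous is not None and contact != previous:
            alerts.append((ts, aor, previous, contact, src))
        bindings[aor] = contact
        removed.pop(aor, None)
    return alerts


if __name__ == "__main__":
    for alert in detect_registration_hijack(SAMPLE_REGISTERS):
        print(alert)
```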