VoIP Hacking: Exploiting Vulnerabilities
Business owners experience the benefits of switching to VoIP (Voice over Internet Protocol) technology as soon as they sign on the dotted line: they get voice communications at least as good as that of their previous provider, with an expanded feature set, greater scalability, and lower cost.
But for all the benefits of an Internet-based communications protocol, VoIP also comes with a different set of vulnerabilities – which a few crooked elements are ready to turn to their advantage.
Given a chance, hackers will breach your VoIP infrastructure to steal business and personal financial information, eavesdrop on conversations or make expensive long-distance calls on your dime. If you choose a VoIP provider that fails to secure your network, your new VoIP line will cost you far more than you save.
Common Types of VoIP Hacking:
VoIP hacking attacks can come in many forms, but the following represent the most common methods.
Distributed denial of service (DDoS) attacks turn a flood of data requests on a single target from multiple systems; the deluge of data shuts the target down.
In a VoIP network’s case, hackers can auto-generate thousands of phone calls on a computer, or use compromised cellphones, with the same effect either way: to tie up the lines and deny service to the target. Alternatively, a DDoS attack can also target the VoIP system’s routers to knock out the whole network.
Toll fraud. Hackers have conceived a devilishly clever way of profiting off unsecured VoIP networks: after gaining access to the targeted network, they’ll route international calls through the target’s VoIP server, racking up thousands of dollars in phone charges. Hackers collect a percentage of the fees.
A Brentwood, CA executive learned this the hard way: she was charged nearly $6,400 for calls made through her VoIP line to Cuba. She got off easy compared to a Norcross, GA architecture firm’s whopping $166,000 bill for unauthorized calls made to Gambia, Somalia and the Maldives.
Eavesdropping. Hackers can listen in on unencrypted VoIP voice calls, either by compromising the phone or the network. Any private information exchanged over the call then becomes fair game for the hacker to leverage in other schemes.
How to Take Action Against VoIP Hacking
Just as with any IP-based system, your VoIP network demands a degree of vigilance to prevent any of the mischief we’ve described above.
Many of the precautions against VoIP hacking will sound familiar to any cybersecurity-aware user: controlling administrator access by using secure, two-step authentication; increasing awareness of the value of secure passwords; acting immediately on any suspicious activity in the network, and having a response plan ready in the event of a breach.
Other precautions are VoIP-specific, and can be arranged with your VoIP provider (the good ones put these to work even before you ask): encrypting voice conversations; implementing limits on calls (by time of day, by device, or by user); and setting up intrusion prevention systems that track VoIP traffic and flag suspicious activity on the network.
Don’t be intimidated by the threats we’ve discussed here: VoIP hacking is a problem with a definite solution. By working with a vigilant, experienced Managed Voice provider (like All Covered), and by maintaining operational security within your organization, you can harden your VoIP system significantly against the possibility of five-figure phone bills and criminals listening in on your calls.