The Overlooked Security Threats Of VoIP

High-profile examples of big businesses being hacked, and sensitive customer data being leaked, continue to hit the headlines. Although many firms are taking steps to further secure their IT systems, it is often a different story entirely for their IP telephony network.

Yet an IP-PBX system is just as vulnerable to exploitation as a computer network, with the added danger that many firms don’t realise that a problem exists.

Due to the nature of IP telephony, the phone system needs to be connected to the internet, providing a route for hackers to access the IP-PBX. While VoIP phone systems offer many advantages over fixed-line telephony such as advanced call functionality and flexibility, it is precisely these advantages that can also be used against it. In order for businesses to protect their IP telephony systems, they need to understand how their systems are vulnerable, how this can be exploited, and the steps they can take to secure the system.

Turning your IP-PBX system against you

In order to gain access to the telephony system, hackers need the password of the device they are targeting. In order to gain this password and successfully compromise an IP-PBX system, hackers will identify an IP extension on the network, and then bombard that device with different passwords in the hope that one of them will be right.

Although this sounds like a long shot, many users don’t change their passwords from the default setting. Also, hackers can send thousands of passwords to an extension in just a couple of minutes. In many cases, it doesn’t take long for the hackers to guess the correct password and logon to the IP-PBX system.

Once a hacker has access to the system, there are many ways in which they can disrupt the IP telephony network and potentially cause the business to lose large sums of money. One of the most common attacks, and indeed one of the most damaging, is when professional criminals attach an entire call centre to the compromised network connection, routing thousands of calls over the one connection in a short period of time. Depending on how the IP-PBX routes its calls, and how regularly the company receives its bills, this activity can continue for months before being discovered, running up an astronomical telephone bill.

While this is the primary way for hackers and fraudsters to take advantage of a poorly-protected system, weak passwords and a lack of encryption in an IP-PBX infrastructure can leave the doors wide open to other types of malicious activity. For example, as a result of the computerised nature of IP telephony, it is much simpler than with fixed-line telephones to secretly record internal calls.

Continued on page 2

Page: 1 2

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

16 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

17 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

17 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

18 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

18 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

19 hours ago