Be aware of the dangers of VoIP before you choose it as a solution. VoIP is a great thing, but it is more complicated and there are dangers of VoIP you should be aware of.
Times used to be simpler when phone lines were just that! Today increasing numbers of companies across the Wellington region, Kāpiti and Horowhenua are moving to VoIP (Voice over Internet Protocol) systems for their phones. This is in part due to advances in technology. It is also partly due to telecom companies like Spark saying they won’t support the older phone lines in future.
While VoIP can work very well in the right circumstances due to its low cost, flexibility and number portability advantages - you do need good IT support. If you don't get it right, it can end up being more expensive, more complicated and come with a range of security issues. Let's take a look at four main security issues.
1. Denial of Service (DoS)
Hackers can use automatic phone dialler software which rapidly calls you and then hangs up, this is called a DoS attack and keeps your line busy so you cannot accept or make calls. Attacks like this can severely impact any businesses ability to communicate and can be extremely difficult to stop.
A recent example is an attack on the New Zealand Exchange (NZX) which shows how vulnerable businesses can be. One way to help protect your communication infrastructure is by using Session Border Controllers (SBCs) which act as a VoIP firewall. This protects your network by using a secure connection between you and your service provider. It gives you more control over your VoIP calls and voice traffic.
2. The man-in-the-middle attack (MitM) against VoIP
This is where someone can easily listen, divert or even hijack selected VoIP calls by putting themselves “in the middle” of the VoIP signalling path. This can happen when weak or no encryption mechanism is used on wireless access points, allowing unwanted users to join your network just by being nearby.
This can be one of the most serious threats. Especially for those in industries where private information is disucssed, such as in the legal or health sectors. Encryption and authentication protocols such as the TLS (Transport Layer Security) protocol can help with this.
3. Poor VoIP security protocols and passwords
Without good security protocols and strong passwords, system and user credentials are vulnerable to theft - making it easy to hack into online VoIP systems or phone hardware. This can lead to many issues, two of which include:
Dangers of VOIP include 'Phreaking'. This is a type of hack which steals a service from a service provider while passing the cost along to another person. Commonly this is when your VoIP account is hacked and someone uses it to make calls which you pay for.
Another is 'Vishing'. This is where a legitimate number is hacked and then used by a party to call you and pretending to be from a trustworthy organisation, such as your bank, and asking for confidential or critical information.
To avoid these from happening, make sure you use 2-factor authentication where possible to access your online systems. Never use your VoIP phone number or extension as the voicemail password (common defaults). Always change the default admin passwords on web-based phone hardware.
4. Caller ID Spoofing
Most VoIP providers will only allow you to use the caller ID of the lines you own. Some will allow any number to be presented on their network which can cause problems. This attack method is most commonly used where a business doesn’t present their main number but might instead present a tollfree number or their main number for customer callbacks.
However, this means it can also be used to emulate another party or business. The intent being to defraud, cause harm or wrongfully obtain something of value. This makes it important to have a mechanism in place which only displays numbers which have been authenticated.
Final Word on Dangers of VoIP
VoIP can be great in the right circumstances. But people often jump in without considering the extra complications and security issues which don’t exist with a traditional phone line. Please consider the dangers of VOIP before committing.
It’s best to go into VoIP with your eyes open and be aware of the risks. Then you can use it more safely and effectively for your needs. If you’d like help setting up VoIP or improving your existing setup security then contact your nearest IT Alliance member.
Want to hear more about how else you can proactively manage your IT? Check out our blogs on: