VoIP & Unified Communications | Matt Grech | February 16, 2017

VoIP Hacks Are On The Rise: How To Protect Your Network

As long as you have a device connected to the network, it is immediately at a potential risk for attack. Security is no longer an aspect only the large Enterprise with sensitive data needs to worry about - every company from small to mid-size to massive needs to concern themselves with solid security practices. Hackers can and will affect any device on your network that connects to the internet, and the more devices you have the more potential back doors are left wide open.

Part of the biggest criticism against the emerging Internet of Things is just this: with so many devices and so little security, there is a massive hole directly open to not only your things and their controls, but your entire network. This relates directly to our VoIP solutions as well, regardless of whether you are using SIP Trunking or a Hosted PBX provider.

IBM's Security Intelligence has put together a report of the most recent VoIP attacks, the trends evolving, methods of access and even different forms of attacks being carried out. We decided to take a really close look at just exactly what's going on.

Seriously, VoIP Hacks?

But let’s bring that back home a bit - today, right now if your business is using VoIP or Unified Communications, it is completely possible your network is susceptible to attack. And as we have seen, VoIP attacks are actually on the rise. Since VoIP sends calls directly through the same exact path that your network uses for internet and other traffic, your VoIP connections open your network to attack and exploitation. That's right, a hacker can gain access to your network through that old IP phone down the hall. We even have new phones, like those from Mitel, that integrate directly with your smart phone - just about everything can be vulnerable.

Top Targeted VoIP Protocols

Security is nothing to joke about, and it's why even Slack has not only spawned a large number of alternatives, some with deep security concerns like Cisco's Spark, but also why Slack is readying its own Enterprise deployment with strict security. Just look at how much Slack now boasts about their security on their website, and that wasn't always the case.

So, if even your free work place chat app is locking up its doors, it would make sense for your business to do the same. Here we'll take a look at some of the popular VoIP attacks on the rise, and what you can do to help keep your network safe. Just in case you're not even sure what to look for when it comes to hacks, we put together a list of the five major signs your VoIP system is hacked to look out for.

The Protocols Under Attack

Without getting too bogged down in the technical details, it first makes sense to understand how and why an attack on your VoIP communications, or the network surrounding your VoIP solution, could even occur. VoIP operates on a number of different specific protocols - depending on your solution, provider and setup your office might employ just one of these protocols, or multiple. For our discussion, we will focus on three specific protocols: SIP, Cisco's proprietary SCCP, and the more recent H225 protocol.

According to IBM Managed Security Services information, the two most compromised protocols are SIP at over 51% of detected security events in 2016, with a specific uptick in the second half of the year, and SCCP with 48% of detected security events. H225, which is part of the H.323 Protocol Suite, managed to squeeze its way in with only a mere 1% of security events.

Attacks Targeting SIP Protocol

SIP is still one of the most popular VoIP protocols, so it comes as little surprise that SIP welcomes the largest number of attacks. SCCP, which is Cisco's Skinny Client Control Protocol, on the other hand brought in almost half of the attacks, and again that isn't too surprising. SCCP is a lightweight, IP-based protocol used for communication between Cisco IP phones and the Cisco UC manager. With Cisco being one of the largest providers in this space, it’s no surprise there's a large number of solutions adopted.

SCCP attacks have actually been declining in the last year, unlike SIP attacks, which saw a large increase in the second half. Also interesting to note, almost 74% of attacks on the SCCP protocol are "pre-attack probes," which allow the attackers to gather information on potential targets by examining the network's device capabilities. So, they can peek their head in and see what kind of defenses you have, before they even start their attack.

H225, on the other hand, while still popular, fared way better in the last year - with less than 1% of the activity, it’s worth noting but not one we will focus on too heavily. However, our recommended safety practices can really be applied to any VoIP protocol, network or computer.

Popular Methods of Attack

Depending on which protocol is under attack, and the overall goal of the attacker, the chosen method of attack into your network could differ. With varying levels of hacks, different networks are exposed to different levels of threat - but all are worth protecting against equally, of course. Depending on what the attacker is attempting to accomplish, they will go about attacking in a number of different ways. Some of the most common VoIP hacking methods include:

  1. Malicious Calls To Take Down SIP Networks
    • What are essentially DDoS - Distributed Denial of Service - attacks on your VoIP network can be used to take down your SIP protocol, and the layer on which it operates. This would essentially render your system unusable, unable to accept or make calls, and might even prevent access to any associated online portals, configuration pages or softphones and web communications.
    • Just like a standard DDoS attack, this works by overwhelming your network with an insane number of requests. For SIP, this could be misconfigured SIP messages, or SIP messages with invalid characters in the "To" field - either way, these messages will overwhelm the system, unable to process all the information in time to keep up with the demand.
  2. Caller ID Spoofing
    • With Caller ID Spoofing, hackers access your network, whether it be through your phones, router, or computer, and gather as much information as they can, like phone numbers or lines and extensions. The easiest way for them to get access would be through IP phones that are using the default password on them - since these passwords can be easily found from a quick Google search.
    • Once they gain access and information, attackers can simply spam your phones with scam calls or sell your phone number to those that spam. The FCC has been cracking down on these call centers, but the efforts are pretty futile and people will do it regardless. Or even scarier, in essence attackers can take control over your phone: they can make and receive or transfer calls, play and save recordings, or upload new firmware to infect the network the phone is connected to. If they gain personal information, hackers can call up service providers pretending to be you or another user and gain otherwise unauthorized access.
  3. Toll Fraud
    • Toll Fraud is an interesting concept that can be executed in a few different ways, but the end result is generally the same: an attacker gains access to your network, or relevant VoIP account information, with which they can commit fraud. This can differ from Illegal SIP Usage, in which hackers would use programmed scripts to detect any open VoIP ports and constantly attempt to authenticate, or gain control of the system. Hackers can also connect to a VoIP network directly with any compromised SIP credentials, like weak passwords or soft phones on public, unsecured Wi-Fi networks.
    • Once the attacker gains access to your network, or account information, they can order and activate a hosted PBX solution under your company's name, or place an insane number of fake calls directly from your account simply to charge your company ridiculous amounts of money, while committing some level of fraud in the process.
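
As an added example (not part of the original article or of IBM's report), here is a small Python check a defender could run over SIP request logs to surface two of the patterns above: requests with an invalid "To" field, and sources that keep failing authentication. The event tuple format, the threshold, the addresses and the sample requests are constructed assumptions.

```python
import re
from collections import Counter

# Simplified sanity check for a To value such as '"Bob" <sip:bob@host:5060>;tag=x'.
# It is a conservative allow-list, not a complete RFC 3261 grammar.
TO_OK = re.compile(
    r'^(?:"[^"]*"\s*|[A-Za-z0-9 .\-]*)'                            # display name
    r'<?sips?:[A-Za-z0-9.\-_+]+@[A-Za-z0-9.\-]+(?::\d{1,5})?>?'    # SIP URI
    r'(?:;[A-Za-z0-9\-]+=[A-Za-z0-9.\-]+)*$'                       # parameters
)

def header(raw, *names):
    """Return the first header value whose name is in names, else None."""
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:
            break                           # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() in names:
            return value.strip()
    return None

def analyze(events, fail_threshold=3):
    """events: (source_ip, raw_request, response_status) tuples (assumed format)."""
    malformed, rejected = Counter(), Counter()
    for src, raw, status in events:
        to = header(raw, "to", "t")         # "t" is the compact header form
        if to is None or not TO_OK.match(to):
            malformed[src] += 1
        # A REGISTER that already carried credentials and was still refused
        # is a failed login, unlike the normal first 401 challenge.
        if (raw.startswith("REGISTER ") and status in (401, 403)
                and header(raw, "authorization") is not None):
            rejected[src] += 1
    return {"malformed_to": dict(malformed),
            "auth_failures": {s: n for s, n in rejected.items() if n >= fail_threshold}}

def _req(method, to, auth=False):           # builds constructed sample requests
    lines = [f"{method} sip:pbx.example.com SIP/2.0", f"To: {to}"]
    if auth:
        lines.append('Authorization: Digest username="100"')
    return "\r\n".join(lines) + "\r\n\r\n"

GOOD = "<sip:100@pbx.example.com>"
SAMPLE = (                                  # constructed events, documentation IPs
    [("192.0.2.10", _req("REGISTER", GOOD), 401),
     ("192.0.2.10", _req("REGISTER", GOOD, auth=True), 200),
     ("198.51.100.5", _req("INVITE", "<sip:\x00%%%@@pbx>"), 400)]
    + [("203.0.113.7", _req("REGISTER", GOOD, auth=True), 403)] * 3
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The phone at 192.0.2.10 follows the normal challenge-then-register sequence and is not flagged; only the source with repeated rejected credentials and the source sending an unparseable "To" value are reported.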

How To Protect Your Network

While not every network will be attacked, the chances are still fairly high as you can tell, and no matter what it’s better to have a secure network than an open one. If anything, your clients and customers will thank you for that. However, nothing is worse than a false sense of security stemming from bad practices, especially when the real, helpful security practices are simple common sense.

Protect It Now, Thank Yourself Later

Just like a home, you never hope to have to fall back on the defenses you put in place. No one ever wants to experience a break-in, just like no company wants to experience an attack on their network. But the correct protocols should be taken to ensure your network is safe just in case there ever is an attempted break-in.

Whether you are attempting to protect user data, employee data, business operations, phone call context, or simply prevent any cases of fraud: security should be any company's number one concern when establishing a network, and even their specific VoIP solution. Beyond taking into account the tips we list above, it could be helpful to speak to your VoIP provider to see what security solutions exist, and how you can secure your own network.

 
