Is VOIP really secure?

Mohammad Patel, on the WAPA Executive Committee, gives his insight in the recent development of VoIP.*

VoIP has come a long way in South Africa, from the days of Proprietary Hardware based packet transport systems over dual ISDN lines. Industry experts foresee 2011 to be a major year for VoIP. Inadequate security should not plague the rising popularity of Digital Telephony.

Let’s take a look at some of the dangers that you can be exposed to every time you use a poorly installed VOIP system without adequate security.

1. Service theft via phone phreaking
Service theft occurs when a phone phreak breaks into the VoIP network illegally to make free long-distance calls using your number and pass the cost on to you.

2. Eavesdropping via wiretapping
Wiretapping is the unauthorized connection made to your VoIP line for the purpose of eavesdropping or to listen maliciously and secretly to your conversations.

3. Identity theft
By means of eavesdropping, or wiretapping your VoIP line, hackers can steal your name, password, email address, phone numbers and other personal credentials and use your identity to gain access to your calling plan and billing information to make free long-distance calls using your account, take over your voicemail or make changes to a call forwarding number.

4. Vishing or VoIP phishing
This phishing trick uses VoIP to call you illegally, send you a fake text message or a fake telephone number for you to call with the pretense to coax you into giving your private personal and financial information in order to get hold of your account and your money or make illegal purchases using your credit fraud or negotiate falsely for loans using your identity.

5. VoIP DoS attacks
A DoS attack is a bombardment of unnecessary call signals to your VoIP network or device in order to put your service or connection out of action. Once your service gets terminated, your account is taken over by the attacker and falsified. A VoIP DoS attack causes garbled call signals, premature call dropping, messages to get intercepted and stops the progress of call processing as it rejects or disallows connection.

6. VoIP spamming
Similar to email spamming, VoIP spams are unwanted, unsolicited calls from anonymous phone numbers. Common forms of VoIP spam are annoying online sales calls and voicemail flooding and messages that carry viruses, malwares and worms.

7. Call tampering
In this type of attack, VoIP signals are manipulated to slow down the connection or completely block the delivery of call signals. This results in minor disturbances during phone calls in progress such as poor sound quality or long periods of static silence.

8. Man-in-the-middle attacks
In this type of attacks, the VoIP call signals are intercepted and redirected to a different location. It is termed man-in-the-middle because the attacker pretends to be either the caller or the recipient with the intention to mislead and deceive.

These security problems do not lower the degree of VoIP quality in any way in terms of functionality and practicality. The reality is, the industry has yet to experience a major VoIP security breach.

When choosing a VoIP provider, ensure that they have taken necessary precautions to safeguard their clients against potential attacks. VoIP does NOT necessarily need to run over the internet. A bona-fide VoIP Service Provider will have intranet facilities in place to ensure you receive the highest voice quality over a less contended ADSL or Wireless connection. If your VoIP calls pass through the internet then it is reasonable that the system is open to the same dangerous elements. After all, these security issues are only consequent to the nature of the internet.

Research proves that there is little chance of a VoIP security breach, mainly because VoIP service providers are extremely security conscious, using voice and data encryption and highly secure database programming. It is highly unlikely that your VoIP providers server could easily be breached. Your business computers, however, need a little extra protection from those looking to cause harm.

Enhancing your VoIP security is simple:

1. Secure Your Browser
The Internet browser is the first point of entry for anything coming to your computer.
Set the security level to control what comes in, and what doesn’t.

2. Use a Firewall
There are certain programs able to make their way past browser security. For added security use a good firewall and antivirus software. The firewall in your broadband router should be enabled and set correctly.

3. Use Strong Passwords
Passwords are the first target of skilled hackers and data thieves. If your password is obtained, access to all of your information is available for the taking.

4. Use an Adapter/VoIP Gateway
Some VoIP adapters do have built in security. Although a little more expensive, it does offer considerably more advantages. There are routers incorporating ADSL mode, Wireless router and VoIP gateway.

5. Change your Devices Password
A very common problem is that the devices passwords are left as default (admin/admin). This is like locking your front door, but leaving the key in the lock. A strong password should be used for all your devices, including your computer/server’s access password.

The major VoIP contributors/manufacturers in the world are committed to better securing VOIP by developing the steps to perfect the capabilities needed to fend off these attacks with improvements on device calling features, encryption tools and authentication protocol. This is the road that VoIP technology is now taking and the VoIP structure is getting stronger and more developed as digital technology advances.

*This post is intended to help VoIP service providers understand how and where VOIP security is susceptible so that one can take the steps to protect oneself from these security problems. Read the full article here.