VoIP Vulnerabilities: Protecting Against Evolving Threats
Modern threats against VoIP infrastructure fall into four main categories.
Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical. In addition, the use of cloud-based communications is growing rapidly, but according to the a 2015 PwC global information security survey, only 50% of businesses have a security strategy in place for cloud computing.
This same research showed that information security incidents increased 45% over the previous year. As cyberattacks evolve, organizations must fully understand the different types of threats in order to combat them effectively.
Education and activation are the powerful one-two punch that businesses can use to protect their most valuable asset: information. While it is easy to get overwhelmed by the increasing complexity and maliciousness of the risks, security is not a hopeless endeavor.
Understanding the Enemy
Modern threats fall into four main categories. Data predators are crafty, but not completely original, and they utilize one or more of these methods of attack.
- Call Fraud: Eavesdropping and phreaking are the two types of call fraud in which attackers tap into VoIP phone lines and commandeer them to make unauthorized calls. With eavesdropping, hackers tap VoIP phone calls to steal employee names, passwords, phone numbers, and other information that gives access to private accounts and billing information. This is a popular for identity theft and corporate sabotage. With phreaking, hackers infiltrate a business's service provider. They steal account numbers and access codes to add unauthorized phone lines or make calls on existing VoIP lines, both resulting in excessive charges for the business.
- Malware & Viruses: Softphones are vulnerable to attack by malware, worms, and other network viruses. These viruses hijack computer systems and take control. They can send spam and other malicious data, target and permanently destroy information, and trace keystrokes and data entry to enable remote access. Credit card data and financial information are particularly vulnerable in this type of attack.
- Denial of Service (DoS): In this type of attack, hackers use information overload to flood a network server and consume all available bandwidth. This prevents incoming and outgoing VoIP calls and gives hackers the opportunity to gain remote control of administrative servers. They can steal sensitive business and customer data and abuse VoIP servers to make costly phone calls on the business's account. DoS attacks are, and will continue to be, the most common method of cyberattack, as PwC noted in its July 2015 report, " Communications Review: As telcos go digital, cybersecurity risks intensify."
- Call Hijacking & VoIP Tampering: These attacks involve the transmission of noise packets to interrupt the stream of communications and cause reduced call quality, dropped calls, and delays in voice signal. A malicious third-party can change the encryption key of a call's digital signature to make VoIP call signals vulnerable and subject to interception. VoIP servers are tricked into thinking that the original parties on the call are still in communication and the hacker has the opportunity to cause serious communication damage.
Finding the Solution
In sports, the best defense is a good offense, and this holds true with VoIP security. Savvy businesses can preemptively protect themselves from these methods of potential attack using the following techniques.
- Encryption: Cloud communication providers offer customer guidelines for encryption and authentication protocols, and many offer encryption as an additional service. While all businesses should work to ensure ultimate customer protection, those within retail, financial services, and other industries dealing with consumer data must take extra measures.
- Authentication Protocols: VoIP authentication protocols vary based on the type of data being transported. They range from a typical password authentication procedure to a complex three-way authentication process that protects servers and business VoIP. Password authentication, also called the two-way handshake, is highly vulnerable to attack and is easily exploited by hackers. Many times, the username and password are not sufficiently disguised or encrypted before traversing the link. Utilizing a VPN or a secure MPLS network rather than the open Internet can reduce this risk significantly.
- Challenge-Handshake Authentication Protocol (CHAP): When the calling client (computer or softphone that sends data and initializes a VoIP call) links with the authenticator application located in the VoIP server, the authenticator uses a three-step process to determine legitimacy. Also called a three-way handshake, CHAP grants or denies access. If the encrypted messages do not match after the challenge and response steps, the client receives a failure message and is denied access to the VoIP system. This prevents fraudulent VoIP calling.
- Antivirus Software: Because VoIP softphones are part of office computer systems, protecting them from viruses and other dangerous third-party programs is critical. Viruses enter an organization's VoIP system through email to compromise existing security protocols and interrupt or suspend VoIP network services entirely. Installing and maintaining antivirus and anti-malware software programs like firewalls is crucial. Often, VoIP vendors or network providers offer antivirus protection, also known as unified threat management software, as part of their service offerings.
- Deep Packet Inspection (DPI): DPI locates, identifies, and classifies data packets through filtering. It can reroute or block incoming packets with unidentified code or forbidden data, deterring unauthorized use of the wide area, local area, or VoIP network. DPI monitors incoming media and signaling streams, as well as all outgoing media streams, for altered or inserted data packets and then flags them for review. These flagged data packets carry priority ratings from high to low that allow them to be routed accordingly. VoIP providers also use DPI to improve network performance and prevent peer-to-peer abuse that may result from VoIP fraud.
- Session Border Controllers: These VoIP network devices control media streams and protocol signals. They start, conduct, and stop VoIP voice calls and adhere to quality-of-service protocols to ensure the safety and best possible voice quality of all VoIP calls.
- Authorization Policies & Call Restrictions: A simple way for businesses to secure VoIP lines is simply by regulating their own people and policies. They can perform audits and create call restrictions to track VoIP activity and then monitor accordingly to prevent access by unauthorized parties. Businesses can secure the configuration of VoIP apps by creating whitelists of approved country codes for employee usage. These lists prevent toll fraud and other types of unauthorized activity.
Looking to the Future
Network security threats are constantly evolving and protection measures must advance similarly. Safeguarding proprietary business information and sensitive customer data should always remain paramount. Customer, employee, and internal records data remain top targets of cyberattacks, and the damage to brand reputation climbed 81%, as PwC reported. Businesses must be vigilant in order to avoid costly and inconvenient security breaches.
As the telecom industry transitions to an increasingly digital platform, new types of cybersecurity risks will continue to target data, applications, and networks. Partnering with the right security services provider enhances a business's ability to counteract these evolving network threats.
Effective partners enable businesses to detect, analyze, and respond to cyberthreats before they damage their reputations and bottom lines. Organizations can harness the knowledge of these experts and their cutting-edge tools to protect information in this increasingly hostile environment.