No announcement yet.

VoIP Security Essentials

  • Filter
  • Time
  • Show
Clear All
new posts

  • VoIP Security Essentials

    If there was a time when the word VoIP raised many questions, now it seems nobody is surprised to hear it. Simply speaking it is the same phone conversations but through Internet, which help transfer your voice or your media content to the recipient. It is not a great discovery to say that because of that connection with Internet VoIP is vulnerable to the same dangers as the web is. Below are the four VoIP security threats, which are currently under the focus of VoIP community and web security experts.


    We all know that personal information should not be shared with anyone. Especially if we mean passwords or bank codes. We also know that the favorite pastime of the hackers is to steal these codes or passwords and use them according to their evil plans. Because of the close relation to Internet and because your voice can travel through public lines, VoIP conversation can also be intercepted and personal information can be stolen. Hackers use special apps called scanners to find accessible points in VoIP lines, and, what is more surprising, there are plenty of free apps for decryption of VoIP conversations. As a protection against eavesdropping, strong encryption software must be installed on the sender's and recipient's device, if only one device will run the encrypting application, information can be vulnerable anyway

    SPIT – Spam over Internet technology

    As with the ordinary spamming over the web, VoIP is also vulnerable to spammers. The latter can come in the form of brutal advertisers that is telemarketers, who would send bulk ads through VoIP in the hope that somebody may be hooked. Prank callers also like to use VoIP to make their jokes. Sometimes prank callers disguise themselves as employees of serious organizations, they may also record the conversation for future use.

    Vishing - Voice Fishing

    Voice Fishing - also known as "vishing", this happens when an attacker contacts you using VoIP and attempts to trick you into sharing valuable personal data, such as credit card or bank account information.

    A visher sets up a fake interactive voice response system, which tries to trick to disclose PINs, passwords, and other private information. Those who practice vishing also use social engineering techniques and are experts in communication psychology. They may try to make a conversation in such a way as to remember slightest details about you, and then this information can be used for committing fraud. Vishers try to find people who are too kind, too trusting, too naïve. A visher can, for example, call an elderly woman and say her he/she is calling from her bank and they need to check or test something. Then the visher may ask the woman to give her bank account card number, or security question, or some other sensitive information. An “efficient” visher may call hundreds of numbers a day, and usually one or two recipients do give sensitive information. After obtaining this information, the visher tries to use it as soon as possible before his/her fraud is discovered.

    DoS Attacks

    Because VoIP is working on a network, it is vulnerable to Denial of Service Attacks. These are done by malicious fraudsters who may send huge amount of unimportant data over the network, thus bringing about shutting down of the system. DoS attacks may shut down websites, send bulky audio messages to the email, thus making it inaccessible. Delays or poor quality of the services may be the sign that somebody is carrying out DoS attack on that service. DoS attacks are very hard to prevent and foresee and as a minimum you need to keep you VoIP software up to date.

    Basic Defense against VoIP attacks

    First of all a good firewall must be in place to allow communication only through trusted IP devices. Secondly you should never give any sensitive information through VoIP, especially account numbers, PINs and passwords. There may be recorded a nice female voice asking you for your identification information, call first you bank and tell them about this. Change any default passwords or pin numbers given for any new VoIP enabled devices. Use protection on you mobiles in the form of locks to refuse VoIP numbers be stolen or used in case your mobile is lost or stolen. Keep your devices updated and ask your provider what security measures are in place and ask for further instruction on the security issues.
    More about how to protect your Network read at
    A-Z SIP & VoIP Wholesale Termination Provider