Hacking VoIP Exposed

Updated: April 30, 2009

Hackers are a busy bunch. If they're not jamming data networks or crippling users' PCs, they're hijacking servers or stealing privileged information.

Hackers are also beginning to target VoIP systems and their users. Since VoIP is essentially an Internet-based data service, it's as vulnerable to hacker attacks as anything else that moves information across the Web. We recently spoke to Mark Collier, co-author of "Hacking VoIP Exposed" (McGraw-Hill, 2006, paperback, $49.99), for his opinion on the state of VoIP security and how businesses can better understand and deal with various types of Internet telephony threats. Collier is chief technology officer of SecureLogix Corp., an enterprise VoIP network-management tools vendor located in San Antonio, where he is responsible for all the company's product and services research and development. Here are his thoughts on hackers and VoIP.


What are the biggest VoIP hacking threats?

Mark Collier: The biggest potential issue is Denial of Service (DoS). VoIP systems are very susceptible to various forms of DoS. DoS can affect the IP PBX, supporting infrastructure services such as TFTP (Trivial File Transfer Protocol) and DHCP (Dynamic Host Configuration Protocol), the network, and IP phones. DoS can seriously degrade the quality of calls. Also, legacy issues are not going away with the adoption of VoIP. In some cases, VoIP can make some legacy security issues worse.

What can hackers do to a business's VoIP system?

Mark Collier: They can disrupt service, preventing users from effectively using the VoIP system. They can eavesdrop on calls and listen to conversations or gather information such as DTMF {the dialing tones that signify phone numbers}. They can access voice mail. They can steal minutes via toll fraud. They can manipulate the content of calls.

Is SPIT a real problem?

Mark Collier: It isn't now. It will probably develop into a real problem, but it will take several years for it to develop.

Is the hacker problem growing?

Mark Collier: As enterprises deploy more VoIP, as they extend VoIP to teleworkers and the public network, and as they increase the use of softphones and unified communications, the security issues will increase. Hackers will become more interested in attacking VoIP systems. We are already seeing an increase in interest in the hacker community, including development of more and more attack tools.

Are most business users aware of these threats?

Mark Collier: Not really. Some are and some are not. Many are focused on the wrong threats.

What are the top things a business can do to protect itself against VoIP hackers?

Mark Collier: The first step is to perform an assessment to determine what vulnerabilities exist. There are often some simple, inexpensive changes that can be made that will greatly increase security. You can't fix what you aren't aware of. Outsourcing an assessment is a good idea.

What can VoIP service providers and vendors do to make the technology safer?

Mark Collier: The major VoIP system vendors are improving their systems. With each major release, you see real security improvement with many of the vendors, including the leaders like Nortel, Cisco and Avaya. The vendors, however should work better with their customers during deployment,to make sure that the security that is available is used.

Featured Research
  • Your Phone System and Your Bottom Line

    Businesses have been using phones to drive increases to their bottom lines for almost a century now. Telephony, much like the rest of the business world, has seen drastic changes with the increase in technological advancement. Voice Over Internet Protocol (VoIP), has enabled companies to connect with consumers at levels that have been seen as unheard of before. And trust us when we say this, it is doing wonders for the bottom line. more

  • 2017 Phone Systems Checklist

    As you are well aware, we are living in an age of extreme technological growth. With this, an understatement might be that phone systems have changed a bit over the last decade. If you are in the market for a new phone system, it is absolutely essential for you to have knowledge of this vast sector and just what exactly you need in order to have your business succeed. more

  • VoIP vs. VoPI

    Are you searching around for an upgrade to your current phone system? If so, you've mostly likely heard of VoIP, but do you know about VoPI? Lately, there has been a lot of conversation around what the difference is between the two systems. Most of this conversation centers around security, as both of these systems, operate over the internet versus the traditional phone lines. more

  • Why You Need Mobile VoIP

    Mobile VoIP is growing at an exponential rate and can help your company reduce costs, improve communications, and drive increased employee satisfaction and loyalty. If what was just mentioned above sounds like it would be good for your business (it is), download our latest guide Why You Need Mobile VoIP to learn even more reasons why you need to make the switch today! more

  • How You Can Stop VoIP Eavesdropping

    In today’s modern technological world we face cyber threats on an almost daily basis. This rings true when switching phone systems to VoIP. While there are many benefits to making the switch, there MUST be precautions taken to ensure that your new phone system is safe and secure. more