VoIP is vulnerable to similar types of attacks that Web connection and emails are prone to.

VoIP Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet t ...

attractiveness, because of its low fixed cost and numerous features, come with some risks that are well known to the developers an are constantly being addressed. But these risks are usually not mentioned to the business which is the most common target. VoIP also allows the use of fraud and shady practices that most people are not aware of. And while this practices are restricted by most providers, the possibility that someone is using them for their own gain still exists.

Vulnerabilities

Remote eavesdropping

Unencrypted connections lead to communication and security breaches. Hackers/trackers can eavesdrops on important or private conversations and extract valuable data. The overheard conversations might be sold to or used by competing businesses. The gathered intelligence can also be used as blackmail for personal gain.Security Advisories by Asterisk
/ref>

Network attacks

Attacks to the user network, or internet provider can disrupt or even cut the connection. Since VOIP is highly dependent on our internet connection, direct attacks on the internet connection, or provider, are highly effective way of attack. These kinds of attacks target office telephony, since mobile internet is harder to interrupt. Also, mobile applications that do not rely on internet connection to make VOIP calls are immune to such attacks.

Default security settings

Hardphones (a.k.a.

VoIP phone A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network ...

s) are smart devices. They are more of a computer than a phone, and as such they need to be well configured. In some cases, Chinese manufacturers are using default passwords for each of the manufactured devices which leads to vulnerabilities.

VOIP over WiFi

While VoIP is relatively secure, it still needs a source of internet, which in most cases is a WIFI network. And while a home/office WIFI can be relatively secure, using public or shared networks will further compromise the connection.

VOIP exploits

VoIP spam

VoIp has its own spam called SPIT (Spam over Internet Telephony). Using the unlimited extensions provided by VOIP PBX capabilities, the spammer can constantly harass their target from different numbers. The process is not hard to automate and can fill the target's voice mail with notifications. The caller can make calls often enough to block the target from getting important incoming calls. This practice can be costly to the caller and is rarely used other than for marketing needs.

VoIP phishing

VOIP users can change their

Caller ID Caller identification (Caller ID) is a telephone service, available in analog and digital telephone systems, including voice over IP (VoIP), that transmits a caller's telephone number to the called party's telephone equipment when the call i ...

(a.k.a.

Caller ID spoofing Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. This can lead to a caller ID display showing a phone ...

), allowing caller to represent himself as relative, colleague, or part of the family, in order to extract information, money or benefits from the target.

Secure SIP Port

FreePBX has inbuilt firewall, you can use that to secure SIP port. FreePBX firewall settings
/ref>

References

{{Reflist Internet security