VoIP Vulnerabilities
   HOME

TheInfoList



Click Here for Items Related To - VoIP Vulnerabilities
OR:
VoIP Vulnerabilities on:   [Wikipedia]   [Google]   [Amazon]

VoIP vulnerabilities are weaknesses in the
VoIP Voice over Internet Protocol (VoIP), also known as IP telephony, is a set of technologies used primarily for voice communication sessions over Internet Protocol (IP) networks, such as the Internet. VoIP enables voice calls to be transmitted as ...
protocol or its implementations that expose users to privacy violations and other problems. VoIP is a group of technologies that enable voice calls online.
VoIP Voice over Internet Protocol (VoIP), also known as IP telephony, is a set of technologies used primarily for voice communication sessions over Internet Protocol (IP) networks, such as the Internet. VoIP enables voice calls to be transmitted as ...
contains similar vulnerabilities to those of other internet use. Risks are not usually mentioned to potential customers. VoIP provides no specific protections against
fraud In law, fraud is intent (law), intentional deception to deprive a victim of a legal right or to gain from a victim unlawfully or unfairly. Fraud can violate Civil law (common law), civil law (e.g., a fraud victim may sue the fraud perpetrato ...
and illicit practices.


Vulnerabilities


Eavesdropping

Unencrypted connections are vulnerable to security breaches.
Hacker A hacker is a person skilled in information technology who achieves goals and solves problems by non-standard means. The term has become associated in popular culture with a security hackersomeone with knowledge of bug (computing), bugs or exp ...
s/trackers can eavesdrop on conversations and extract valuable data through microphones.


Network attacks

Attacks on the user network or internet provider can disrupt or destroy the connection. Since VoIP requires an internet connection, direct attacks on the internet connection, or provider, can be effective. Such attacks target office telephony. Mobile applications that do not rely on an internet connection to make calls are immune to such attacks.


Default security settings

VoIP phone A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network ...
s are smart devices that need to be configured. In some cases, Chinese manufacturers are using default passwords that lead to vulnerabilities.


VOIP over Wi-Fi

While VoIP is relatively secure, it still needs a source of internet, which is often a
Wi-Fi Wi-Fi () is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for Wireless LAN, local area networking of devices and Internet access, allowing nearby digital devices to exchange data by ...
network, making VoIP subject to Wi-Fi vulnerabilities


Packet loss

Since VoIP runs over an internet connection, via wired,
Wi-Fi Wi-Fi () is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for Wireless LAN, local area networking of devices and Internet access, allowing nearby digital devices to exchange data by ...
or 4G, it is susceptible to packet loss which affects the ability to make and receive calls or makes the calls hard to hear. The susceptibility is due to the real time nature of the communication. Packet loss is the biggest reason for VoIP support calls.


SIP ALG

When VoIP was first setup, a setting called SIP ALG was added to routers to prevent VoIP Packets being modified. However, on more modern VoIP systems, the SIP ALG router setting causes routing issues with VoIP Packets causing calls to drop. Routers are usually shipped with SIP ALG turned on.


Exploits


Spam

VoIP is vulnerable to spam, known as SPIT ( Spam over Internet Telephony) because it relies on the open internet, which is less regulated. Using the extensions provided by VoIP PBX capabilities, the spammer can harass their target from different numbers. The process can be automated and can fill the target's voice mail with notifications. The spammer can make calls often enough to block the target from getting important calls.


Phishing

VoIP users can change their
Caller ID Caller identification (Caller ID) is a telephone service, available in analog and digital telephone systems, including voice over IP (VoIP), that transmits a caller's telephone number to the called party's telephone equipment when the call is ...
if they have admin rights on the VoIP server. Anyone who resells VoIP or manages their own VoIP server can allocate any phone number as an outgoing number. This is commonly used for genuinue reasons when a customer is porting a number, so they can use their number of a new plaform while the port takes place. But it can be used maliciously to mask any number. (a.k.a.
Caller ID spoofing Caller ID spoofing is a spoofing attack which causes the telephone network's Caller ID to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. This can lead to a display showin ...
), allowing a caller to pose as a relative or colleague in order to extract information, money or benefits from the target.


See also

*
Comparison of VoIP software This is a comparison of voice over IP (VoIP) software that examines applications and systems used for conducting voice and multimedia communications across Internet Protocol (IP) networks. VoIP technology has transformed telecommunications by offe ...
* INVITE of Death * List of VoIP companies *
Mobile communications over IP MoIP, or mobile communications over Internet Protocol, is the mobilization of peer-to-peer communications including chat and talk using Internet Protocol via standard mobile communications applications including 3G, GPRS, Wi-Fi as well as WiMax. Un ...
- Mobile VoIP * Voice over WLAN - VoIP over a WiFi network


References

{{Reflist Internet security Computer security exploits