Security Threats in Voice over IP Technology

VoIP_security_threats

Fig 1: Security Threats in VoIP

The VoIP, Voice over IP, technology is one of the most remarkable mainstream technologies that renovate the business communication standards and quality. VoIP has achieved the wide popularity in the telecommunication field due its awesome technological features and the benefits it rendered to the companies. VoIP seems to be a very reliable, flexible and cost-effective technology for making communications over long distances.

 

Even though VoIP technology is enriched with lots of advantages, it also has some limitations. One of the major issues concerned with VoIP is the security threats.  The security issues were not considered at the early days of VoIP. The users only looked for the long list of benefits that VoIP will shower on their businesses. Later, when VoIP turned to be an indispensable factor of business communication field, security has become a serious issue.

 

VoIP actually replaced the oldest and most secure communication system of the early telecommunication era known as POTS (Plain Old Telephone System). So the security threats in VoIP should be considered and rectified as a serious issue.

 

Security Issues

  • Viruses and Malware issues

VoIP is a wireless technology which relied upon the Internet technology for transmitting voice signals to and fro. VoIP mainly uses soft-phones and software applications to handle the communication infrastructure. Like any other Internet application, the soft-phones and software are also vulnerable to viruses and malicious programs. The soft-phones (a piece of software that allows users to make telephone calls over Internet) usually run on user systems such as PDAs, PCs, etc are highly exposed and vulnerable to malicious code attacks in voice applications. That is, the VoIP communications have more chance of being distorted by viruses and malwares.

  • Identity and Service theft
hacking free img

Fig 2: Identity and Service Theft

The service theft is somewhat similar to ‘phreaking’, which is the process of hacking into telecommunication systems to obtain free calls. That is, the service theft refers to stealing or using the VoIP service provider’s services by passing the cost to another person. This is a serious issue since the service theft imposes heavy costs and charges on other VoIP users.

Encryption is thought of as a solution to unauthorized access of VoIP services. But it is not commonly used with SIP (Session Initiation Protocol), which controls and manages the authentication over VoIP calls. Therefore, the user credentials and identity is vulnerable to theft.

It is seemed that most of the hackers steal the user credentials through eavesdropping. A third party can make use of your names, secret codes (passwords), phone numbers, etc and use them to obtain control over voice-mail, calling plan, call forwarding and billing information through eavesdropping. It gradually leads to service theft. The purpose of identity theft is not only for making calls freely but also to access confidential information like business data.

 

  • Vishing

Vishing is actually VoIP Phishing. A person calling you from an insecure organization by faking that he is calling from a trustworthy organization and requesting for confidential information. If you reveal the confidential and critical data through blind belief, then it can cause dangerous hazards to you and to your company.

 

  • Call Tampering

It is the process of interfering into a phone call which is in progress. The tampering of phone calls can be done in many ways like degrading the call quality by inserting noise packets into the communication stream, holding the delivery of packets which creates breaks in communication that is, the participants will encounter long periods of silence during the call, etc. These kinds of call tampering can lead to unreliable and inconsistent communications which irritates the users.

 

  • SPIT

SPIT stands for Spamming over Internet Telephony. Spamming is simply thought of as sending information against a person’s will and interest. A best example is the spam emails that you receive daily. Since VoIP has grown as an industrial tool, it is started to make spamming in the VoIP platforms.

All VoIP users will have a corresponding VoIP account related with their IP addresses. This makes it easy for spammers to send their messages (voice-mails) to thousands of such IP addresses. As a result the voice-mails will be clogged and demands for more space. It also requires more efficient voice-mail management tools. Ahead of this, the spam messages are likely to have viruses and spywares. It is somewhat similar to Phishing over VoIP.

 

  • Denial of Service (DoS)

It refers to the attacks on devices or networks for denying them from service or connectivity. Overloading of the networks or more internal resources from a device or consumption of more bandwidth can lead to service denial.

In the perspective of VoIP, the DoS attacks will be occur due to the flooding of target with unwanted SIP call-signalling messages and in turn degrading the service. As a result the calls will be dropped permanently and halts the call processing.

 

Most of the businesses today, are depending on the VoIP technology for building up their communication infrastructure; hence security issues related to VoIP should be handled carefully and properly.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s