Is VoIP really secure?

VoIP has come a long way in South Africa, from the days of Proprietary Hardware based packet transport systems over dual ISDN lines. Mohammad Patel, CEO of O-Tel Telecom, a Licensed Digital Telephony Service Provider with national presence gives his insight in the recent development of VoIP.

Our naturally conservative population were reluctant to accept the technology, most probably because the early VoIP service providers were trying to make the technology work over less capable broadband. The advent of ADSL, and the interconnect rate drop in 2010 aided the demise of the Premi-cell industry and the now antique GSM LCR Hardware devices. Hence SME’s and corporate were forced into VoIP technology as a replacement in order to save telephony costs.

As in the 1886 Witwatersrand Gold Rush era, many new VoIP resellers mushroomed, using the infrastructure of the more established telecom providers to seek

their fortune and become the next Alan Knott Craig. Just as Gold became an opportunity attracting investors from far and wide, the telecom industry in South Africa has flourished over the past two years with similar effect.
As history has shown us over and over again, with a thriving industry comes scammers with innovative fraudulent activities. VoIP is no exception.

Undoubtedly, VOIP is functional, practical and cost less than analog telephony. Digital Telephony is generally a better-quality phone system, more advanced, more improved and a cut above the regular telephone.

Industry experts foresee 2011 to be a major year for VoIP. Inadequate security should not plague the rising popularity of Digital Telephony.

This article is intended to help VoIP service providers understand how and where VOIP security is susceptible so that one can take the steps to protect oneself from these security problems.

Let’s take a look at some of the dangers that you can be exposed to everytime you usea poorly installed   VOIP system without adequate security.

1.             Service theft via phone phreaking

Service theft occurs when a phone phreak breaks into the VoIP network illegally to make free long-distance calls using your number and pass the cost on to you.

2.             Eavesdropping via wiretapping

Wiretapping is the unauthorized connection made to your VoIP line for the purpose of eavesdropping or to listen maliciously and secretly to your conversations.

3.             Identity theft

By means of eavesdropping, or wiretapping your VoIP line, hackers can steal your name, password, email address, phone numbers and other personal credentials and use your identity to gain access to your calling plan and billing information to make free long-distance calls using your account, take over your voicemail or make changes to a call forwarding number.

4.             Vishing or VoIP phishing

This phishing trick uses VoIP to call you illegally, send you a fake text message or a fake telephone number for you to call with the pretense to coax you into giving your private personal and financial information in order to get hold of your account and your money or make illegal purchases using your credit fraud or negotiate falsely for loans using your identity.

5.             VoIP DoS attacks

A DoS attack is a bombardment of unnecessary call signals to your VoIP network or device in order to put your service or connection out of action. Once your service gets terminated, your account is taken over by the attacker and falsified. A VoIP DoS attack causes garbled call signals, premature call dropping, messages to get intercepted and stops the progress of call processing as it rejects or disallows connection.

6.             VoIP spamming

Similar to email spamming, VoIP spams are unwanted, unsolicited calls from anonymous phone numbers.

Common forms of VoIP spam are annoying online sales calls and voicemail flooding and messages that carry viruses, malwares and worms.

7.             Call tampering

In this type of attack, VoIP signals are manipulated to slow down the connection or completely block the delivery of call signals. This results in minor disturbances during phone calls in progress such as poor sound quality or long periods of static silence.

8.             Man-in-the-middle attacks

In this type of attacks, the VoIP call signals are intercepted and redirected to a different location. It is termed man-in-the-middle because the attacker pretends to be either the caller or the recipient with the intention to mislead and deceive.

These security problems do not lower the degree of VoIP quality in any way in terms of functionality and practicality.

Reality is, the industry has yet to experience a major VoIP security breach.

By far, the technology is regarded as reliable and safe to use.   These safety issues should be regarded as  €œa piece of advice, € so to say, so that as the end user you can take preventive measures to lessen the chances that it might happen.

When choosing a VoIP provider, ensure that they have taken necessary precautions to safeguard their clients against such potential attacks. VoIP does NOT necessarily need to run over the internet. A bona-fide VoIP Service Provider will have intranet facilities in place to ensure you receive the highest voice quality over a less contended ADSL or Wireless connection. If your VoIP calls pass through the internet then it is reasonable that the system is open to the same dangerous elements. After all, these security issues are only consequent to the nature of the internet.

Research proves that there is little chance of a VoIP security breach, mainly because VoIP service providers are extremely security conscious, using voice and data encryption and highly secure database programming. It is highly unlikely that your VoIP providers server could easily be breached. Your business computers, however, need a little extra protection from those looking to cause harm.
Enhancing your VoIP security is simple:

Secure Your Browser

The Internet browser is the first point of entry for anything coming to your computer.
Set the security level to control what comes in, and what doesn’t.

Use a Firewall

There are certain programs able to make their way past browser security. For added security use a good firewall and antivirus software. The firewall in your broadband router should be enabled and set correctly.

Use Strong Passwords

Passwords are the first target of skilled hackers and data thieves. If your password is obtained, access to all of your information is available for the taking.

Use an Adapter/VoIP Gateway

Some VoIP adapters do have built in security. Although a little more expensive, it does offer considerably more advantages. There are routers incorporating ADSL mode, Wireless router and VoIP gateway.

Change your Devices Password
A very common problem is that the devices passwords are left as default (admin/admin). This is like locking your front door, but leaving the key in the lock. A strong password should be used for all your devices, including your computer/server’s access password.

The major VoIP contributors/manufacturers in the world are committed to better securing VOIP by developing the steps to perfect the capabilities needed to fend off these attacks with improvements on device calling features, encryption tools and authentication protocol.

This is the road that VoIP technology is now taking and the VoIP structure is getting stronger and more developed as digital technology advances.

*All logos are registered trademarks of their respective owners.