Businesses that implement VoIP (voice over IP) telephony systems on their local area networks must ensure that they have effective protection against the growing incidence of VoIP hacking.
That’s according to Graeme Victor, CEO of telecommunications solutions company Du Pont Telecom who says a small Johannesburg company was left with a telephone bill of over R100 000 recently after criminals hacked into its VoIP telephony system over a weekend.
VoIP is steadily gaining market acceptance as a telephony solution because of the many benefits including the fact that phone calls between two VoIP users on the same system are free.
However, IP Telephony has already become a popular playground for attackers. As has happened with other emerging technologies the speed of advances in VoIP technology has typically outpaced the corresponding security requirement.
So far, the emphasis in VoIP security has been to protect the underlying IP network –rather than voice elements–from attacks.
“Businesses spend considerable resources protecting their data networks to prevent loss of data, yet fail to take similarly stringent precautions to protect their voice IP networks when an attack could have immediate, potentially crippling financial implications,” he says.
In the United States, a man who operated a low-cost Internet calling company was recently sentenced to 10 years in prison after hacking into 15 unsuspecting companies’ VoIP systems. He illegally routed 100 000 minutes of his customers’ Internet telephone calls through the hacked networks. The fraud cost the victims more than US$1,4 million.
“That hacker got caught but there are people all over the world trying to find ‘free’ channels through which to direct their calls,” Victor says.
“Another danger is that hackers use the vulnerabilities of the VoIP system to gain access to the data network. VoIP systems must also be protected against manipulation, tapping and even call hijacking in which the connection is reported as unavailable and the call is rerouted.”
He warns local businesses to beware of implementing VoIP on their networks without proper security controls and says both IP PBXs and IP handsets are vulnerable.
“As VoIP is rolled out to more and more businesses in South Africa, the accessibility and allure of attacking their systems by international hacking syndicates will increase.
“Securing a VoIP infrastructure requires planning, analysis and an in-depth and high level of knowledge about the configuration of the chosen VoIP implementation. It is therefore important for local businesses to choose a VoIP provider who understand all aspects of VoIP security,” Victor concludes.