VoIP beats analogue at security

Attention: open in a new window. PrintE-mail

Article source: ITWeb Rob Lith

Although concerns about VoIP fraud linger, VoIP systems are in fact less susceptible to fraud than traditional analogue phones, says Rob Lith, Business Development Director at Connection Telecom.

Breaching VoIP security is far more complex than hacking an analogue phone system, he says. In addition to this, the South African VoIP industry has been highly proactive in safeguarding VoIP security.

With analogue phones, hacking activities such as toll fraud (the avoidance of paying long-distance phone charges) can be relatively simple. Various methods can be used, including ‘switch-hooking’, which is “tapping a telephone hook to simulate pulse dialling”, explains Lith.

“Even more sophisticated phone systems can be easily circumvented,” he adds. “Modern-day distribution boxes can be bypassed with ultra-cheap tools, allowing neighbourhood phreaks [phone hackers] to phone to their heart’s content, or simply explore phone systems harmlessly, though illegally.”

VoIP may also be vulnerable, he continues: “As with PSTN phone systems, SIP accounts provisioned by VoIP servers can be compromised and used to commit toll fraud. Typically, fraudsters gain access to SIP accounts at the authentication layer [obtaining usernames and passwords by various means]. Once account access is gained, they can register another instance of the SIP account to a softphone on a different computer, and make multiple calls at once, racking up thousands of rands in charges in a very short time.”

Lith argues that although this type of fraud seems more of a threat due to its sophistication and the potential volume of attacks, more can be done to overcome VoIP vulnerabilities than can be done for analogue phones. For instance, the ISP Association has a fraud-monitoring and information-sharing group for ISPs that also provides telecoms services.

This group, which has the endorsement of senior industry members, including regulatory expert Dominic Cull and ISPA secretary Ant Brooks, collects information based on alerts in their systems. “For instance, any calls to out-of-the-ordinary destinations like Latvia, East Timor or the Cook Islands, might trigger an alert to a cloud-based telco hosting PBXs on behalf of its customers. The telco might react by blocking the call and then consulting the customer, who might in fact have legitimate reasons for calling exotic climes,” explains Lith.

Other systems, such as notifications of multiple failed password attempts, or account limits to prevent high call costs, can identify or prevent attacks.

“To combat more and more sophisticated attacks, additional measures are being proposed within the ISPA group, such as the establishment of honeypot SIP servers that masquerade as production servers but are merely bait. Honeypot servers are relatively easy to crack and provide an opportunity to monitor state-of-the-art attacks, tools and origins of attacks without any threat to actual production servers,” says Lith.

While attacks are becoming more sophisticated, measures to protect against VoIP fraud “provide unprecedented protection against toll fraud, serving to counteract the danger of large losses occurring in a global Internet ecosystem,” Lith concludes.

You might also like…