The Explosion of VoIP Security Threats
VoIP - a growing target
The security landscape with regard to any technology is always changing. One of the reasons for this is that new systems are being deployed all the time and the various trends render certain hacks either obsolete or productive. The bigger a target is, the more people who try and break into it. This is the reason why there are so few viruses and worms for platforms such as Mac and Linux (at least on the home PC market.) When choosing to write a virus or an exploit a hacker can get much more return on his or her investment by targeting a platform which a lot of people use.
As VoIP grows in adoption throughout the world, it's becoming a more and more juicy target for those seeking to exploit it. And it's the usual race between hackers and security administrators as to who can get the upper hand. One of the advantages of VoIP is its flexibility along with lower costs, but this is the reason why VoIP is so susceptible to hacking. When a system works in a fixed way like a telephone line, there isn't much scope to break into it. It's like trying to break into a calculator! But when a system is complex, the opportunities for unauthorized access are enormous. And VoIP just about fits the bill.
There are a number of ways in which VoIP can be exploited by hackers and we don't think we've even seen the full breadth of strategies which could be employed in the future. Previously, VoIP itself was divided into many non inter operable islands utilizing different protocols and involving various codecs etc. But with the introduction of the SIP protocol on which most hosted VoIP PBX solutions rely, hackers now need fewer skill sets to get the job done and have a larger target too.
For example, a VoIP hacker can gain access to a business mobile VoIP PBX in order to place free calls internationally at the company's expense. Though such calls are dirt cheap with VoIP, an attacker can even lease out the service to others ratcheting up hundreds of thousands of minutes with disastrous consequences for the main firm.
Other exploits include gaining access to the company's data through the SIP trunk and even engaging in DDoS attacks. Companies must learn that merely deploying a VoIP system and then forgetting about it is asking for trouble. It's an ongoing task which must be taken very seriously. Better yet, outsource your job to a hosted PBX provider acting as your ITSP and let them do the dirty work while you focus on your business.