As an online-security and ID theft expert, I am frequently asked what VoIP stands for, and also about Internet security strategies for the average online user.
What is VoIP? “Voice Internet Protocol” technology enables you to make phone calls through computer networks, namely the Internet. Continuous voice signals are converted by VoIP technology into digital data packets, allowing two-way, real-time conversational transmission.
VoIP is not without flaws that threaten its security.
Stored transcripts for all to see. Google Voice offers free transcription of conversations, then stores the data, which can be indexed in the search engine-for all to find and read. Hackers can also gain access to Google’s enormous database of transcripts.
Having to give out your phone number. You may find yourself doing this to strangers for varying scenarios like online lists and subscriptions. This puts you at risk for getting spammed or even harassed.
Phishing. Phishing via VoIP (“vishing”) lures someone into revealing personal information (e.g., credit card number) over the phone. An attack may be a voicemail that’s designed to alarm you enough to call the number left on it and then give out your personal information, or visit a website and do the same.
Phreaking. A phreaker is a hacker who robs a service provider of service, or uses a service but then dumps the cost onto an unsuspecting person.
Softphone vulnerability. This device is at risk of viruses, malware and worms. The softphone’s use of a socket makes them vulnerable, more so than IP phones.
Denial of service (DoS). A device or network is attacked, impeding service or connectivity. VoIP DoS attacks are done by inundating the target with useless SIP messages-interfering with call processing, allowing the criminal to gain remote control of the system’s administrative features.
Eavesdropping. This is the method of hackers for stealing data that allows the crooks to assume control over phone features such as voicemail, the calling plan and billing. There’s overlap between phreaking and eavesdropping in that the phreaker could alter calling plans by adding more credit and placing calls on the victim’s account.
Call tampering. A phone call is intruded upon while in progress, such as an influx of noise, or making delivery of communication stalled.
SPIT. Spamming via Internet telephony is that of sending voicemails to IP addresses (with every VoIP account is an IP address), cluttering voicemails with messages that may contain spyware and viruses.
Man-in-middle attacks. Someone intrudes upon call-signaling SIP message traffic and poses as the person making the call, or the recipient. Once accomplished, the attacker uses a redirection server to take control of calls.
So there you have it, the top 10 VoIP security issues. Knowing what these are will help you protect your online personal information.