Cyber Security
Security threats associated with VoIP - Possible Issues and Resolutions
Changing your traditional analogue phone to a VoIP service delivers many different abilities, but it also opens new sets of possible security concerns.
For every VoIP security problem, there are various solutions. By being aware of the different threats, and knowing the different tools your provider and other companies offer to protect you can dramatically decrease your chance of security breach and enhance the protection against cyber attacks making your calls secure.
Here are some security problems that may impact VoIP, and how you can protect yourself.
Spam
Issue - SPIT (Spam over Internet Telephony), is similar to email spam, they both include undesired communications often created automatically. Nevertheless, this is an underestimated threat to security. That's because SPIT calls try to scam you out of personal and or financial information, and its a lot harder to detect that email because you don't know the content of the call until you pick up the phone, whereas emails have a subject line.
Resolution - Some VoIP offerings provide 'robocall' blocking features within their plans. These features improve year on year to block automated calls reaching your phone. Alternatively, you are able to block specific numbers, but scammers can falsify their phone information to get around that.
Hacking
Issue - One major advantage of VoIP is that it lets you access your number and voicemail from anywhere using a computer or mobile device. Yet, this also makes you more susceptible to hackers.
A hacker can access your account, steal information and gain control of your VoIP system. Seeing as VoIP is connected via the internet, hackers can attack in various ways, and if you want to be safe you need to be protected from all of them.
Resolution - No VoIP provider can guarantee that they can completely protect you from hackers. However, the best way to reduce the chances of a breach is to practice good computer safety and cyber-security practices.
Change all of your passwords and PINs away from their default options, and ensure these are strong passwords. If you have a WiFi network, implement WiFi protected access (WPA) protocol, and set a strong password on it as well.
Every device on the same network as your VoIP, ensure that the software is updated regularly, regularly scanned for any viruses and be careful when downloading programs and clicking links. A single compromised system can infect the whole network.
If you are travelling, be wary of public WiFi hot-spots to make VoIP calls, as hackers can simply access those networks. Hackers are capable of accessing your call and inject malware into your device.
Distributed denial of service (DDoS) attacks
Issue - This is becoming a more frequent attack. Most people don't have to worry about being a target for DDoS, but online businesses or running a blog, which puts you in the public eye, increases your chance of being a victim.​
A DDoS is an attack on the IP address, which overwhelms your internet service and briefly disturbs your VoIP system.
Resolution - For home users, a VPN is the best way to secure your lines from a DDoS attack, as it will encrypt your internet traffic, VPNs mask your IP address, which will stop hackers sending their useless data to the right location.
For business users, VPNs also help, however, if your business is large enough to be a high-profile target, you could invest in dedicated DDoS safeguards.
Unencrypted Traffic
Issue - When you place a VoIP call, data flows from your device to your Internet Service Provider (ISP), then your VoIP provider, and finally to the person you are calling. If the call is unencrypted then someone could potentially eavesdrop on your conversation at any of those points. Any private information that is mentioned on the call may be used to steal identities. Whilst it is the case that analogue phones are unencrypted, VoIP phones are easier for cybercriminals to tap into as the data flow is less centralised by comparison to the former.
Resolution - The simplest answer is to source a VoIP service that provides encryption for calls. On the other hand, you could set up a virtual private network (VPN) compatible to VoIP. VoIP VPN's forms an encrypted private network between you and the person that you are calling, establishing a secure and direct line of security that is hard to hack. VPN however, can reduce the quality of your calls if you have a low Mbps connection, that being said, if you have a high-speed connection then there will be a likelihood will not see a change in the quality.
Hardware
Issue: VoIP hardware, such as analogue telephone adapters (ATAs) and IP Phones, can have some security vulnerabilities that the manufacturer isn't aware of until after they have been shipped.
In 2015 Cisco found that there was a security exploit in their SPA300 and SPA 500 Series IP phones, which led the tech giant to give instruction on the workarounds to ensure security.
It is often the case that these problems require firmware updates to fix, but in order to apply updates, the problem needs to be known.
Resolution: This VoIP security is simple to fix. You need to check every so often if the manufacturer of the hardware used has posted any advisories. If there is, update your hardware as soon as possible.
While all of these threats may look like a deterrent and something that you will worry about, once you have set up security measures, you can relax knowing your calls are protected.
A little care, knowledge and tools can help to keep your VoIP secure.