VOIP telephony and security: risks and countermeasures on devices


The advent of VOIP telephony was one of the great revolutions for companies: large savings on bills, great flexibility, and very convenient additional services such as the ability to take your phone number anywhere or record calls with a single click. Companies have fully embraced this revolution: forecasts speak of a global VOIP market that should reach 93.2 billion dollars by 2024.

But as with any Internet-connected service, the countless advantages come with the dangers posed by cyber attacks and cybercriminals. VOIP infrastructures are crucial for companies, since confidential information is shared through voice calls, and the current situation of extreme remote working makes everything even more complicated. But what are the typical attacks on VoIP infrastructures?

How criminals carry out attacks

The attacks that cybercriminals most often carry out on corporate VOIP telephone systems go through password compromise, which takes several forms. The most common is also the most trivial: after identifying a VOIP extension on the corporate network, criminals flood it with login attempts, hoping to guess the password. Unfortunately, many users choose short, trivial or easy-to-guess passwords, and since an automated system can send thousands of passwords per hour, a password that is not "strong" can be identified by attackers in a reasonably short time.

Another widely used technique is credential stuffing, that is, trying passwords obtained from other data thefts to access VOIP services. Users often use the same password on multiple services, so when one is hacked, all other accounts using the same credentials become easy to compromise.

Finally, there is the evergreen phishing method: using an e-mail, SMS, WhatsApp or any other type of message to induce the user to enter their login credentials on a "decoy" site that resembles the company's but is managed by the attackers.
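The first two attacks above leave different traces in registration logs: password guessing produces many failures against one extension, while credential stuffing produces a few failures spread across many extensions. The following added example (not code from this article or from Snom) tells them apart over a sliding time window; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any PBX's real output):
#   <UTC time> REGISTER_FAIL|REGISTER_OK src=<ip> ext=<extension>
LINE = re.compile(r"^(\S+) (REGISTER_FAIL|REGISTER_OK) src=(\S+) ext=(\d+)$")

# Constructed sample: one source hammering ext 101, one source trying five
# extensions once each, and one user who mistypes twice and then logs in.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{s:02d}Z REGISTER_FAIL src=203.0.113.7 ext=101"
     for s in range(0, 60, 10)]
    + [f"2024-05-01T11:00:0{i}Z REGISTER_FAIL src=198.51.100.9 ext={200 + i}"
       for i in range(5)]
    + ["2024-05-01T09:00:00Z REGISTER_FAIL src=192.0.2.15 ext=105",
       "2024-05-01T09:00:20Z REGISTER_FAIL src=192.0.2.15 ext=105",
       "2024-05-01T09:00:40Z REGISTER_OK src=192.0.2.15 ext=105"]
)

def classify_sources(lines, window=timedelta(minutes=10),
                     guess_threshold=5, spray_threshold=4):
    """Return {source_ip: label} for sources whose failures look automated."""
    fails = defaultdict(list)                 # src -> [(time, ext), ...]
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != "REGISTER_FAIL":
            continue                          # skip successes and malformed lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        fails[m.group(3)].append((ts, m.group(4)))
    verdicts = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                    # keep only events inside the window
            per_ext = defaultdict(int)
            for _, ext in events[start:end + 1]:
                per_ext[ext] += 1
            if max(per_ext.values()) >= guess_threshold:
                verdicts[src] = "password-guessing"    # many tries, one extension
                break
            if len(per_ext) >= spray_threshold:
                verdicts[src] = "credential-stuffing"  # few tries, many extensions
    return verdicts

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

A source that spaces its attempts further apart than the window is not flagged, so the window and thresholds need tuning against real traffic.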

Risks and potential costs of a breach of the VOIP system

Anyone who breaches a corporate VOIP system can cause thousands of dollars' worth of damage if they know their way around. One of the most damaging practices for the victims is for the attackers to connect entire call centers to the compromised switchboards, generating large amounts of traffic and correspondingly large bills from the traffic provider. Depending on how the IP PBX routes calls and traffic, this activity can continue for months before being discovered.

Another major risk is call recording and real-time spying. More and more criminal organizations attack companies in order to take money from them without their knowledge, through operations that exploit internal procedures to divert legitimate transfers to bank accounts in the attackers' names. To do this, they need to know well the mechanisms that lead to payments, so that they understand where they can intervene to change the bank details.

Listening to the telephone conversations of the administrative department is an ideal way to get everything they need and, sometimes, not even a breach of the external perimeter is needed. If the VOIP system does not include encryption, anyone connected to the same network can intercept and record phone calls, making the risk of spying very high.
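Traffic abuse of this kind shows up in call detail records long before the bill arrives. The following added example (not code from this article or from Snom) flags any extension whose daily outbound minutes jump far above its own recent baseline; the record layout, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed call detail records: (day, extension, billed_seconds).
SAMPLE_CDRS = (
    [(f"2024-05-0{d}", "101", 1800) for d in range(1, 6)]     # 30 min/day
    + [(f"2024-05-0{d}", "101", 36000) for d in (6, 7)]       # 600 min/day
    + [(f"2024-05-0{d}", "102", 2700) for d in range(1, 8)]   # steady 45 min/day
)

def flag_traffic_spikes(cdrs, factor=5.0, min_minutes=60.0, min_history=3):
    """Return [(day, ext, minutes, baseline)] for days far above the baseline.

    The baseline is the median of the extension's earlier, unflagged days.
    """
    daily = defaultdict(float)                # (ext, day) -> outbound minutes
    for day, ext, seconds in cdrs:
        daily[(ext, day)] += seconds / 60.0
    by_ext = defaultdict(list)
    for (ext, day), minutes in sorted(daily.items()):
        by_ext[ext].append((day, minutes))
    alerts = []
    for ext, days in by_ext.items():
        history = []
        for day, minutes in days:
            if len(history) >= min_history:
                base = median(history)
                if minutes >= min_minutes and minutes > factor * base:
                    alerts.append((day, ext, round(minutes), round(base)))
                    continue                  # keep abusive days out of the baseline
            history.append(minutes)
    return alerts

if __name__ == "__main__":
    for alert in flag_traffic_spikes(SAMPLE_CDRS):
        print(alert)
```

Keeping flagged days out of the baseline matters here: abuse that runs for weeks would otherwise become the new normal and stop raising alerts.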

SNOM provides high-security VOIP tools

To counter all these dangers, SNOM's VOIP devices and services come equipped, to make an analogy with the physical security of our homes, with very robust locks on both the front door and the back door, as well as on all the doors that separate the rooms inside. Obviously, it is the network manager who must make sure that all doors are "properly closed", but the important thing is that the services and devices provide everything necessary to remain compromise-proof.

Jan Boguslawski, Technical Product Manager at Snom, explains that Snom runs automated security test protocols every day with its phones in real-world PBX environments: “We have set up rooms with a series of Snom phones that are tested in a virtualized environment, but true to reality. Basically, the Automatic Test Framework (ATF) that we created in the company continuously tests our software. This means that we are able to troubleshoot security issues and update our software even before the customer detects any anomalies. Simply put, we proactively identify and resolve issues rather than waiting for customers to come knocking on our support team's door asking for help. I believe that as IP phone manufacturers we are the only ones to act in this sense.”

“Our internal laboratory,” explains Luca Livraga, Team Lead Technical Support of Snom Technology, going into detail, “has servers dedicated to each of the three key aspects of security in products: one controls the new code that is created as we add functionality; another is in charge of checking that no regressions occur, that is, that already known and patched vulnerabilities return to represent a threat in new software versions; finally, other servers test the software directly on the hardware, in order to be sure that unexpected vulnerabilities occur outside virtual environments.”

Special attention was also paid to the way in which one can communicate with the phones. The only available channel is the Web interface, as SSH is disabled. The phones are HTTPS-enabled and have unique digital certificates, which represent a strong obstacle to the propagation of attacks. In addition, authentication between the device and the control panel is bidirectional: the control panel verifies by means of a certificate that the telephone is actually the registered one, and at the same time the device checks by means of a certificate that the control panel is actually the one on which it is registered.

Security is not a game to be underestimated

Ultimately, Snom's VOIP devices are designed, built and updated to keep security at the center of operations, protecting voice communications, but also the corporate network, from hacking attempts that try to exploit this attack vector. The burden of harmonizing the entire structure to avoid falling victim to cybercriminals remains mostly on the shoulders of the IT manager, but it is important that the devices provide him with all the tools he needs to do his job well, as Snom products do.