Table of Contents Categories
  Encyclosphere.org ENCYCLOREADER
  supported by EncyclosphereKSF

VoIP vulnerabilities

From HandWiki - Reading time: 2 min

VoIP vulnerabilities are weaknesses in the VoIP protocol or its implementations that expose users to privacy violations and other problems. VoIP is a group of technologies that enable voice calls online. VoIP contains similar vulnerabilities to those of other internet use.

Risks are not usually mentioned to potential customers.[1] VoIP provides no specific protections against fraud and illicit practices.[citation needed]

Vulnerabilities

Eavesdropping

Unencrypted connections are vulnerable to security breaches. Hackers/trackers can eavesdrop on conversations and extract valuable data.[2][3]

Network attacks

Attacks on the user network or internet provider can disrupt or destroy the connection. Since VoIP requires an internet connection, direct attacks on the internet connection, or provider, can be effective. Such attacks target office telephony. Mobile applications that do not rely on an internet connection to make calls[4] are immune to such attacks.[why?]

Default security settings

VoIP phones are smart devices that need to be configured. In some cases, Chinese manufacturers[citation needed] are using default passwords that lead to vulnerabilities.[5]

VOIP over Wi-Fi

While VoIP is relatively secure[citation needed], it still needs a source of internet, which is often a Wi-Fi network, making VoIP subject to Wi-Fi vulnerabilities[6][further explanation needed]

Exploits

Spam

VoIP is subject to spam[clarification needed] called SPIT (Spam over Internet Telephony). Using the extensions provided by VoIP PBX capabilities, the spammer can harass their target from different numbers.[citation needed] The process can be automated and can fill the target's voice mail with notifications. The spammer can make calls often enough to block the target from getting important calls.[7][irrelevant citation]

Phishing

VoIP users can change their Caller ID (a.k.a. Caller ID spoofing), allowing a caller to pose as a relative or colleague in order to extract information, money or benefits from the target.[8][citation not found]

See also

References

  1. Securing VoIP Networks book by Peter Thermos, Ari Takanen, ISBN:978-0-321-43734-1
  2. "Unencrypted VoIP poses security threat". March 28, 2007. https://www.itpro.com/108992/unencrypted-voip-poses-security-threat. 
  3. "Security Advisories ⋆ Asterisk". https://www.asterisk.org/downloads/security-advisories/. 
  4. "Mobile VOIP alternative for business international calls". https://www.pindo.me/. 
  5. "Research: VoIP Phones Can Be Exploited If Not Set Up Properly". https://securityintelligence.com/news/researchers-find-voip-phones-vulnerable-to-simple-cyberattacks/. 
  6. Hickey, Andrew R. (December 18, 2007). "Top 9 VoIP Threats And Vulnerabilities". https://www.crn.com/slide-shows/networking/205100204/top-9-voip-threats-and-vulnerabilities.htm. 
  7. Messmer, Ellen (October 1, 2007). "Top 14 VoIP vulnerabilities". https://www.networkworld.com/article/2286358/top-14-voip-vulnerabilities.html. 
  8. "The Vulnerabilities of VoIP". https://uk.norton.com/voip-security-a-primer/article. 



Retrieved from "https://handwiki.org/wiki/index.php?title=VoIP_vulnerabilities&oldid=3374803"
Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/VoIP_vulnerabilities
9 views | Status: cached on August 01 2024 15:10:03
↧ Download this article as ZWI file
Encyclosphere.org EncycloReader is supported by the EncyclosphereKSF