Mid-Michigan's Bigger Dealer With Better Deals
Seamless scaling, lower implementation costs, and the rising demand among end-customers make Voice over IP (VoIP) services an attractive new business avenue for telecoms. So much so that by 2025, the global VoIP industry is expected to reach $55 billion.
While the benefits of VoIP adoption are certainly attractive, they are somewhat offset by the increased cybersecurity risks this new technology poses. Legacy on-premises systems required physical access for hacking, whereas VoIP devices and networks can be compromised remotely. In 2017, nearly 46% of all fraudulent calls in the world were made using VoIP technology. We can assume that today the figure has hardly gone any lower.
Hacking SIP Trust Relationships
More info: Field Service Management
SIP gateways use SIP Trunks for a trusted call initiation and CDR/invoice management which makes them attractive targets for VoIP attacks. Beyond that, SIP trunks often have no passwords or IP-based filters used for trunk authentication. Most SIP trunks also have Direct INVITE privilege without REGISTER, again becoming a good avenue for attacks.
A typical SIP trust relationship hack will involve the following steps:
A hacker locates Trusted SIP Networks;
They send IP Spoofed Requests from each combination IP: Port;
Specifically, they’ll target calls that contain IP: Port in “From” section;
Once they have a call, they’ll capture the Trusted SIP Gateway IP and Port and use it to initiate unauthorized calls.
Lack of standardization among IP phone manufacturers and PBX device providers have made the job of protecting individual systems harder for businesses. For telecom providers, the security challenges of VoIP are further amplified by the over-reliance on two dominating VoIP protocols – SIP (Session Initiation Protocol) and SCCP (Skinny Client Control Protocol).
More info: it engineering