Security Threats
In the beginning, there were no big concerns about the security issues related to VoIP (Voice over Internet Protocol). During that time, people were only concerned with its reliability, cost and functionality. Now a day, security has become a major issue, since VoIP technology has become one of the mainstream communication technologies and has been widely spread across the world.
Voice over IP is a transmission technology of sending voice communications and multimedia sessions over the internet. Therefore, VoIP faces the same threats and challenges that are more commonly linked with the internet.
Some of the potential threats a VoIP technology may face includes –
• Eavesdropping – This technique is used by the hackers to steal sensitive and other information of the people. It is an act of secretly listening to the private conversations of others without their consent or knowledge. Through eavesdropping, the hacker can obtain information like names, phone numbers and passwords to gain control over calling plan, voicemail, billing information, and call forwarding.
• Man-in-the-Middle (MITM) attacks – It is a method of eavesdropping. In this type of attack, an attacker interrupts to call-signaling SIP traffic and masquerades as the calling party or the called party. MITM is also used to hijack calls via redirection server.
• Phreaking – In this type of attack, hacker steals service from a service provider or use service while passing cost to another person.
• Malware and Viruses – Voice over IP utilization involving software and soft phones are vulnerable to viruses, malwares and worms, like any other internet application or software. Since this software and soft phones application runs on the computer, they are exposed to malicious code attacks in VoIP software or soft phones.
• Denial of Service (DoS) – Denial of Service is an attack on a device or network to make its resources unavailable or denial of a service to its users. This attack is used to get the administrative facility of the remote system. DoS attack is carried out by sending the unwanted SIP call-signaling messages to the target, thereby degrading the service.
• Spamming over Internet Telephony (SPIT) –Spamming means sending electronic mails to people against their will. These e-mails mainly consist of online sales call, and sometimes they carry malware, spyware and viruses along with them. Every VoIP account has associated IP addresses, which ease spammers to send voicemails to several IP addresses. SPIT is nothing but a phishing over VoIP (or vishing).
• Call Tampering – Call Tampering is done by adding noise packets in the communication stream, which spoil the sound quality of the call.
• Vishing – It is also known as VoIP Phishing. It is a process of acquiring credential information like credit card details, passwords, bank account details, etc. by masquerading as a trustworthy organization in an electronic communication.