What VOIP Users Should Know

If this doesn’t scare you it should.

Users of Skype, Google Chat and other Voice Over Internet Protocol (VOIP) telephone systems and many big organizations and medium sized businesses moving their telephones to this protocol to reduce costs should be concerned that VOIP isn’t as secure as they have been told.

Over the past few years, security experts have shown how phone calls can be effectively hacked, leading to vital calls being recorded on a company’s own servers.

You might reasonably think that this is purely down to poor local network policy, and that it won’t affect you.

However since then, one man has been charged with hacking VOIP phone calls and committing wire fraud.

(Image: Microsoft Office Online )

Venezuelan Edwin Pena was arrested in Mexico in early 2010 as a result of a manhunt, in which he was accused of hacking VOIP phone call networks.

Pena has been charged with various telephone based frauds centering around his scam. in which he sold very low priced telephone services to customers. To deliver these services, he was hacked the networks of larger VOIP providers.

However, Pena was discovered. He was diverting VOIP bandwidth from a company in Newark, NJ, who found themselves charged for over 500,000 phonecalls. Pena even enlisted the services of a professional hacker and caused the Newark business a loss of $1.4 million in the space of just a few months.

This wholesale hacking and diversion of VOIP calls is potentially only the tip of the iceberg.

As long ago as 2007, it was demonstrated by Peter Cox, a UK based VOIP expert that with relatively simple to develop software, it was possible to hack a user or network and record phonecalls made over VOIP (reports The Inquirer).

He demonstrated a program called SIPtap, which basically detects VOIP calls on a PC or network and records them. There is also the claim from Cox that the software could work at an ISP (internet service provider) level as well, throwing out the incorrect notion that VOIP is secure.

Coupling the SIPtap tool with a Trojan would allow any government agent, industrial snoop or even journalist to record phone calls on the very network that is being hacked.

The suggestion that VOIP is secure is an incorrect one – sharing information about this is vital if users are to be fully aware of the potential lack of security in such a system.

While there is an effort to add some form of encryption to VOIP systems, the costs of implementing this could be just as great as making the switch to VOIP in the first place. Protection against this means assessing your current security setup, monitoring telephone use and attempting to hack your own system - see our guide to Ethical Hacking for more ideas about this.