What are the security risks when using VoIP?

Page content

Top VoIP Security Risks

Identity and service theft

VoIP services can be phreaked. Phreaking is a type of hacking that steals or uses a service from a service provider on the expenditure of another person. Session initiation protocol (SIP) – an authentication method over VoIP calls, does not commonly use encryption, which results in VoIP services being phreaked.


Hackers steal user names, passwords and phone numbers through eavesdropping to take control over voicemail, billing information and call forwarding. This leads to a complete service theft. The hackers do not always do this to gain access to a free service, but also to get important information like business data and other sensitive information. A phreaker can do other things like change call forwarding number, access voice mail, modify calling plans and more.


It is another name for VoIP phishing, which involves someone calling you pretending to be a trustworthy organization (e.g. your bank) and requesting personal and sensitive information such as account number, credit card details, etc. The criminals who might phone you already have some information about you, which creates a false sense of security and consequently you give them more sensitive information.

Call tampering

Voice calls can be tampered by the attacker, who can simply flub the quality of the call by injecting noise in the communication stream. The voice call participants can meet long periods of silence during the call when the attacker withholds the transfer of packets.

Viruses and malware

VoIP equipment such as soft phones is vulnerable to malware just like any other internet application. The soft phone application runs on a user system (i.e. PC and PDA) and is easily exposed to malicious code attacks.

DoS (Denial of Service)

VoIP can suffer from DoS (Denial of Service) attacks. It is often achieved by overloading the network, device or consuming all available bandwidth. VoIP calls can be dropped untimely by also flooding the target with unnecessary SIP call-signaling messages, which results in halting of call processing.

The attacker might deny the service to the target by launching a DoS attack so that he can get remote control of the administrative tools of the system and then misuse them.

SPIT (Spamming over Internet Telephony)

Spamming in VoIP has not become very common as yet but is beginning to be, soon. Like those emails we often receive consisting of online promotion, sales calls, now these messages are also going to VoIP voicemails. Since every VoIP account has an associated IP address, it becomes very easy for spammers to send their voice messages to numerous random IP addresses, which results in voicemails clogging. Spam messages sent to VoIP accounts can also carry malware and spyware with them.

As you have now become familiar with the security threats related to VoIP, it is worth finding out how to protect VoIP from all these threats. Keep checking back on Brighthub to read an article, which is going to be published soon, about ways to securing and protecting Voice over IP.