Skip to main content

Who’s on the line? Call hijacking and disruption

In my first column, I highlighted the relatively little attention received by VoIP security when compared with web and email, and commented that VoIP system face a set of unique threats. Just what are these threats?

Imagine that you are calling your bank. You have identified yourself by entering your account number on your phone’s keypad and by answering the usual security questions when you are cut off. Should you worry?

If you are using a standard phone line probably not, but if you are on an unsecure VoIP line you should be more concerned. Your call may have been hijacked and the attacker is now calmly transferring the contents of your account to the Cayman Islands.

Farfetched? Not really. Call hijacking is one of many VoIP application security threats that I demonstrate in my VoIP security workshops.

From the attacker’s point of view it not the easiest of attacks and needs a lot of preparation, but the potential pay-back means that is it worth investing some time.

Other attacks, such as terminating calls or flooding a VoIP system to the point of failure are much easier and therefore probably more likely, but make for a less exciting demonstration.

The point is that that any unprotected VoIP system is potentially vulnerable to these threats, each of which has the potential for service disruption and direct financial cost.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.