Don't Forget About Voice Application Security

Over the past 10 years, SecureLogix has conducted many voice security assessments for enterprise customers. Our products also continuously monitor enterprise customers voice networks for attack. Our voice security assessments include two parts. First we instrument the TDM or VoIP trunks connecting one or more enterprise sites to the public network. We monitor all the voice traffic into and out of the site(s) and identify any security issues. For customers with VoIP, we can include a VoIP security vulnerability assessment/penetration test. We access the internal network and test the IP PBX, network, and VoIP phones for vulnerabilities.

Interestingly, while we always find vulnerabilities on VoIP systems, we have only seen one real world attack, and that attack involved good-old-fashioned toll fraud. However, we always find voice application security issues. These security issues are present whether the enterprise is using VoIP or not. Some of the issues we find include:

-        Unauthorized modems used to access the Internet – most users know that if they access inappropriate sites on the Internet through the primary connection, that the access will be detected, logged, and possibly blocked. Some users bypass this security by connecting an analog phone line to a modem in their PC/laptop and dial their Internet Service Provider (ISP). While this isn’t a fast connection, it is fine to check personal mail, check stocks, look at sport sites, etc. We have seen as many as 100 simultaneous unauthorized modem connections at large sites. These connections are unmonitored and can allow the user to accidently download malware or leak confidential information. Plus, the connection is also not protected by a network firewall and an attacker who finds the users IP address can hack in, attack the PC/laptop, and/or jump off onto other systems.

-        Poorly secured authorized modems – many critical infrastructure systems, including PBXs and other equipment, use modems for remote access. These modems can be easily found by simple “war dialing” of numbers at an enterprise site. Many of these modems are poorly protected and once found, can be exploited. These attacks can be very serious, because the systems connected to the modems are often critical.

-        Toll fraud – while VoIP has made some long distance calling a lot cheaper, some long distance, especially international calls, can be still be expensive. Toll fraud is still a serious issue for the enterprise. It can range from a few international calls made over fax lines to a hacked Direct Inward System Access (DISA) or VoIP interface, where the attacker sells numbers/access and can rack up $100,000s of charges in a short amount of time.

-        Harassing calls – this includes a variety of irritating and even dangerous calls and call patterns, to include fax SPAM, harassing executives, bomb threats, and other attacks.

-        Social engineering – includes calling into enterprises and call centers looking for inexperienced users who give out confidential information.

So while VoIP vulnerabilities get a lot of the hype, don’t forget about basic application voice security issues. They are virtually always present at enterprise sites, whether VoIP is used or not. For more information on these and other issues, see SecureLogix’s web page at www.securelogix.com