Here and there you may have heard of Voice over IP Toll Fraud. You may have even asked, “…what is it?”
Simply put, VoIP Toll Fraud is a third party using your VoIP network to make toll or long-distance calls at your expense.
It’s not so very different from the concept of open relays for email. The attacker scans your network from the outside (possibly using a network of bots) looking for such an open relay in the hope of using it to send out spam. In the case of VoIP toll fraud, the attacker will be scanning for an insecure VoIP endpoint through which to place a call. These calls may be to premium lines (premium-rate call stuffing) or to distant countries. The inevitable phone bills may prove costly to unwary businesses.
Let’s say your VoIP system consists of a gateway between the internet and your network phones, and that your network phones can also pick up and dial real landlines. The attacker will be looking for a way through your internet gateway and, beyond that, any vulnerable devices which can place calls on landlines. These vulnerable devices might include VoIP routers, IP PBXs or IP phones with unpatched firmware. Any one of these devices left insecure could provide an attack vector for VoIP toll fraud.
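The pattern just described (calls to premium-rate or international numbers, set up from outside the networks you trust, often several in quick succession) can be picked out of the PBX’s call detail records. The script below is an added example and not part of the original post; the trusted networks, the dialling prefixes, the burst threshold and the sample record lines are all constructed for illustration and would need to match your own site.

```python
import ipaddress
from collections import Counter

# Networks the gateway should accept call set-up from (assumed for this example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]
# Premium-rate and international dialling prefixes as this PBX sees them (assumed, site-specific).
PREMIUM_PREFIXES = ("0900", "1900")
INTERNATIONAL_PREFIXES = ("00", "+", "011")
BURST_THRESHOLD = 3  # calls from one source address in the sample before we flag a burst

# Constructed call detail records: "timestamp src_ip extension dialled_number duration_s"
SAMPLE_CDR = """\
2024-01-01T02:10:01 192.168.1.20 201 02075551234 120
2024-01-01T02:10:05 203.0.113.7 100 0044207555000 45
2024-01-01T02:10:09 203.0.113.7 100 0090012345 300
2024-01-01T02:10:11 203.0.113.7 100 0023412345678 600
2024-01-01T03:15:00 10.1.2.3 305 19005551234 30
"""

def parse_cdr(text):
    # Turn CDR lines into dicts; skip blank or malformed lines instead of crashing.
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _, src, _, number, dur = parts
        records.append({"src": ipaddress.ip_address(src), "number": number, "duration": int(dur)})
    return records

def classify(rec):
    """Reasons one record looks like toll fraud (empty list if it looks normal)."""
    reasons = []
    if not any(rec["src"] in net for net in TRUSTED_NETS):
        reasons.append("untrusted source")
    if rec["number"].startswith(PREMIUM_PREFIXES):
        reasons.append("premium-rate destination")
    elif rec["number"].startswith(INTERNATIONAL_PREFIXES):
        reasons.append("international destination")
    return reasons

def find_suspicious(text):
    """Per-record checks plus a burst check; returns {source_ip: [(number, reasons), ...]}."""
    records = parse_cdr(text)
    per_src = Counter(r["src"] for r in records)
    flagged = {}
    for r in records:
        reasons = classify(r)
        if per_src[r["src"]] >= BURST_THRESHOLD:
            reasons.append("call burst from source")
        if reasons:
            flagged.setdefault(str(r["src"]), []).append((r["number"], reasons))
    return flagged
```

Running `find_suspicious(SAMPLE_CDR)` flags the three international calls from the outside address as a burst and the premium-rate call from the trusted extension, while the ordinary domestic call is left alone.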
The solutions are thankfully relatively simple. You first need to ensure that your gateway is secure and only allows traffic to pass from the networks you intend. Secondly, you need to keep all of the VoIP-enabled devices on your LAN secure. This means applying software patches to your IP PBXs as necessary and keeping your IP phones’ firmware up to date (a measure often overlooked).
Patching the firmware on some low-end IP phones can be somewhat time-consuming. Larger organisations with many IP phones should look to suppliers who can provide firmware roll-out systems to automate the process.
Above all, think security first and you’ll keep the attackers at bay.