Toll fraud, denial of service attacks, phishing and eavesdropping are all on the rise as more businesses worldwide use SIP trunks to cut communications expenses. The SIP standard’s vulnerabilities have been an open secret within the industry for several years. But the problems are getting worse as more cyber thieves and spies exploit SIP trunks to make free calls or access credit card data, disrupt or even shut down operations, and obtain confidential information. Such breaches stand to worsen, sources say, and everyone — from service providers to channel partners to end users — must share the responsibility for securing SIP trunks.
In 2013, PBX and VoIP hacking, along with account takeover/identity theft, cost operators around the world almost $12 billion, according to the Communications Fraud Control Association (CFCA). Total fraud losses for the year came to $46.3 billion, up 15 percent from the previous CFCA survey, conducted in 2011.
Anecdotal evidence confirms those findings. “The problem is very widespread and active,” said Austin Herrington, director of enterprise/CPE product marketing for SIP trunking provider Windstream. “We choose not to share stats from our own networks for very obvious reasons.” Wes Rogers, COO of NexVortex, called SIP hacking “big business, involving real money,” adding, “the bad guys are becoming increasingly sophisticated and more aggressive.” Kristian Kielhofner, CTO of Star2Star, agreed. “These kinds of attacks are escalating and escalating quickly,” he said.
Expect the circumstances to worsen as more firms adopt SIP trunking. By 2018, 42 percent of organizations around the globe — compared to 13 percent in 2013 — will send all of their toll traffic via SIP trunks, Eastern Management Group reported in September 2013. As a result, sources predict that hackers, thieves and spies will intensify their efforts. Indeed, all PBX and phone system vendors now build their products on SIP, said Graham Francis, CEO of The SIP School. For VARs, integrators, MSPs and IT-centric agents, then, it’s imperative to be able to identify potential trouble spots and know how to shore up customers’ SIP trunks.
To ensure security, it’s important to first understand the threats. Three forms of breaches are the most common:
• Crimes of opportunity (e.g., toll fraud, phishing). These usually occur because a client’s PBX has not been adequately secured. If the SIP trunk connects to a PBX with SIP-accessible user extensions, and the users have weak login details, names and passwords are easily guessed. Once a hacker penetrates the SIP system, he or she is able to pass fraudulent traffic to high-cost international and domestic destinations. “Literally thousands of dollars can be lost in as little as an hour,” said NexVortex’s Rogers. Or the hacker can hijack a phone number, point it to an IVR script requesting credit card information, and lure people into yet another iteration of the long-familiar phishing scam.
• Volume-based attacks (e.g., telephony denial of service, similar to distributed denial of service attacks within data networks). “Unauthorized users flood the system with too many access requests and prevent legitimate users from accessing the system,” said Dean Manzoori, vice president of global UCaaS for Masergy. This can cost a business customers and sales, not to mention wasted employee time.