“VoIP vulnerabilities”的意思、由来-开放百科全书

词条

VoIP vulnerabilities

释义

Vulnerabilities
Remote eavesdropping Network attacks Default security settings VOIP over WiFi
VOIP exploits
VoIP spam VoIP phishing
See also
References

VoIP is vulnerable to similar types of attacks that Web connection and emails are prone to. VoIP attractiveness, because of its low fixed cost and numerous features, come with some risks that are well known to the developers an are constantly being addressed. But these risks are usually not mentioned to the business which is the most common target.^[1]

VoIP also allows the use of fraud and shady practices that most people are not aware of. And while this practices are restricted by most providers, the possibility that someone is using them for their own gain still exists.

Vulnerabilities

Remote eavesdropping

Unencrypted connections lead to communication and security breaches. Hackers/trackers can eavesdrops on important or private conversations and extract valuable data. The overheard conversations might be sold to or used by competing businesses. The gathered intelligence can also be used as blackmail for personal gain.^[2]^[3]

Network attacks

Attacks to the user network, or internet provider can disrupt or even cut the connection. Since VOIP is highly dependent on our internet connection, direct attacks on the internet connection, or provider, are highly effective way of attack. This kind of attacks are targeting office telephony, since mobile internet is harder to interrupt.^[3] Also mobile applications not relying on internet connection to make VOIP calls.^[4] are immune to such attacks.

Default security settings

Hardphones (a.k.a. VoIP phone) are smart devices, they are more a computer than a phone, and as such they need to be well configured. The Chinese manufacturers, in some cases are using default passwords for each of the manufactured devices leading to vulnerabilities.^[5]

VOIP over WiFi

VoIP even while VoIP is relatively secure in 2017, it still needs a source of internet, which in most cases is WIFI network. And while a home/office WIFI can be relatively secure, using public or shared networks will further compromise the connection.^[6]

VOIP exploits

VoIP spam

Voip has its own spam called SPIT (Spam over Internet Telephony). Using the unlimited extensions provided by VOIP PBX capabilities, the spammer can constantly harass his target from different numbers. The process is not hard to automate and can fill the targets voice mail with notifications. The caller can make calls often enough to block the target from getting important incoming calls. This practices can cost a lot to the caller and are rarely used for other than marketing needs.^[7]

VoIP phishing

VOIP users can change their Caller ID (a.k.a. Caller ID spoofing), allowing caller to represent himself as relative, colleague, or part of the family, in order to extract information, money or benefits form the target.^[8]

References

1. ^Securing VoIP Networks book by Peter Thermos, Ari Takanen, {{ISBN|978-0-321-43734-1}}
2. ^Unencrypted VoIP poses security threat
3. ^¹Security Advisories by Asterisk
4. ^[https://www.pindo.me/ Pindo - Mobile VoIP without internet connection]
5. ^[https://securityintelligence.com/news/researchers-find-voip-phones-vulnerable-to-simple-cyberattacks/ Researchers Find VoIP Phones Vulnerable to Simple Cyberattacks]
6. ^VoIP Threats And Vulnerabilities #6
7. ^Top VoIP vulnerabilities
8. ^[https://uk.norton.com/voip-security-a-primer/article The Vulnerabilities of VoIP]

1 : Internet security

随便看

开放百科全书收录14589846条英语、德语、日语等多语种百科知识，基本涵盖了大多数领域的百科知识，是一部内容自由、开放的电子版国际百科全书。