The prevalence of Voice over Internet Protocol (VoIP) fraud has been on the rise, with some high-profile cases bringing the subject matter into greater focus for IT decision makers. VoIP fraud often results in thousands of dollars lost for companies dealing with this theft.
In fact, a single fraud event can cost VoIP providers between $5,000 and $50,000, and this is usually borne by the provider because customers refuse to pay the charges that come from such theft. And a study by one fraud management company estimated that some telcos are losing upwards of $150 million a year due to VoIP fraud.
It’s come to light that certain phone systems may be more vulnerable to VoIP fraud. Evidence indicates that VoIP theft is on the rise. There were nearly 83,000 fraud complaints in 2011, according to watchdog group the Australian Competition and Consumer Commission (ACCC) – that’s almost double the complaints from 2010 and quadruple the number from 2009. The ACCC estimated that nearly 20 percent of the fraud complaints received in 2011 involved telecommunications hacking.
Researcher Ang Cui recently demonstrated an attack on common Cisco-branded VoIP phones that makes it easy to eavesdrop on private conversations remotely, as Valerie Bradford pointed out in a recent TransNexus blog post.
“To present the demo, which had never been tried in a public forum before, Cui employed an external circuit board that he said James Bond would have no trouble inserting onto a telephone inside the target organization,” Bradford said. “Cui suggested he could be a job applicant to get inside or he could simply compromise the lobby phone. Once one phone is compromised, the entire network of phones could be vulnerable. He said later he could also perform the exploit remotely, no physical-world circuit boards necessary.”
Next, Cui was able to create an app on his mobile phone to connect to it and export the data, capturing every word. By passing the mic data over the Internet to Google’s Speech to Text Service, Cui then projected on a screen behind him a transcript of his spoken words, each appearing after a slight delay.
“He said that he could also bypass Google and simply capture the audio file as an ‘automatic blackmail device,’” Bradford continued.
Meanwhile, Cisco says that the company “maintains a very open relationship with the security community and we view this as vital to helping protect our customers’ networks.” The company said that workarounds and a software patch are available to address such vulnerabilities.
While these security problems persist, there are other solutions available to address VoIP fraud. For example, earlier this year, TransNexus released a fraud detection module in its NexOSS product. The module detects spikes in call traffic and automatically blacklists suspicious routes, suspending them from the routing table.
The company’s SDReporter product offers a comprehensive reporting package designed to analyze quality of service (QoS) statistics and Call Detail Records (CDRs) reported by an enterprise’s SBC or PBX. SDReporter already monitors 24 different call quality statistics and can detect and isolate call fidelity QoS issues in the source network or destination network, or based on end-to-end packet flow received by the calling and called party.
Edited by Rich Steeves