While initially only business customers used it, now private individuals are also using voice over IP (VoIP) technology to make calls. This technology sends your voice in a data packet over the lines using the Internet Protocol (IP). VoIP phone systems are therefore nothing more than computers with special functions. But, like any computer, the system needs protection from attackers.
Risks to VoIP phone systems
Regular phone systems are based on a point-to-point connection. If you called a party, you literally occupied one line. But this outmoded technology has not been able to keep pace with the increased need for communication. VoIP uses an open IP network for transmissions. In other words, voice communication shares its data streams with email and websites.
- The biggest threats arise when a third party invades one of the components involved. If they manage to do this, there are many possible dangerous scenarios: They might be calling at someone else’s cost, eavesdropping on conversations, or scanning your connection data or contacts.
- “Man-in-the-middle” attacks represent an equally grave risk. Attackers insert themselves between the two people in the conversation without their knowledge and have complete control over data transfers. They can see information or even fake someone else’s identity.
- They can also cause damage indirectly. By recording telephone calls, they can later generate entire dialogs that can then be used to purchase goods from electronic order systems, for example.
How to protect your VoIP phone system
- Watch for initial signs:
- If you have problems accessing voice mail messages or the line suddenly appears to be busy, you should not simply ignore it. A technical service provider should have a look at it to rule out any misuse.
- Another red flag for hacking attempts can be a short, frequent ring on an extension.
- It is also a good idea to look regularly at the system log. Multiple unusually short calls or frequent calls from toll-free numbers may be caused by manipulation, but not necessarily.
- Assign individual passwords or PINs.
After you switch on the phone system, you should hand out all default passwords in person. Avoid PINs that match the number of the extension or simple codes such as 12345. Mailbox passwords should ideally be changed regularly.
- Restrict access to the system administration.
This applies equally to business and home systems. As few people as possible should have direct access to the phone system, and that means both physical access and access to internal functions. The phone system should be kept in a room that can be locked. In businesses, only especially trustworthy and trained staff should have access to the system’s setup functions or functions for entering user data. At home, it is helpful to set up an admin password.
- Disable unused answering machines.
It is best to disable all voice mail inboxes in the system that are not assigned to a user or an extension. For businesses, this means that when an employee leaves, their voice mail inbox should be deleted.
- Turn off unnecessary functions.
Have all functions that you do not need switched off or disable them yourself. This goes for functions such as the ability to log in from anywhere, which is available in many systems. In particular, functions that allow remote access to the system or its core functions also present a security risk.
- Use number lists.
As with smartphones, cut down on potential losses by blocking phone numbers or prefixes of toll-free numbers. Phone systems usually offer the option to create both blacklists and whitelists. A blacklist only blocks numbers that have been saved to the list. All other parties can be called. Whitelists reject all numbers unless they are on the list.
- Disable keyboard sounds:
If technically available in the system, sounds that confirm key presses when a PIN is entered should be switched off. If the sounds are being recorded by a hacker, it is relatively easy to gain access to the voice mailbox.
- Install patches:
the more recent, the better. Patches and updates supplied by the provider should be installed immediately after the provider makes them available. This usually eliminates any security loopholes.
- Secure the entire network!
In businesses, the VoIP system is part of the corporate network. It must be protected across the board. This includes a correctly configured firewall that works correctly with VoIP data. You can find tips for your home network in the Wi-Fi chapter.