Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks.
Unified communications (UC) is the integration of real-time communication services such as instant messaging (chat), presence information, telephony (including IP telephony), video conferencing, call control and speech recognition with non-real-time communication services such as unified messaging (integrated voicemail, e-mail, SMS and fax).
UC allows an individual to send a message on one medium and receive it on another.
Eavesdropping: Eavesdropping is the act of secretly listening to the private conversation of others without their consent.
Impact: Through eavesdropping, a third party can obtain names, passwords and phone numbers, allowing them to gain control over voicemail, calling plans, call forwarding and billing information.
Solution: The primary means of protecting SIP traffic is using Transport Layer Security (TLS) and Secure RTP (SRTP). With encryption, sessions are kept private with no chance of eavesdropping. For inter-office calls, using a VPN is obviously secure.
Reality: Not all VoIP providers use encryption, since its overhead costs money.
Vishing: The term is a combination of "voice" and "phishing". It involves a party calling you while posing as a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
Impact: Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
The criminal configures either a war dialer to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution.
When the victim answers the call, an automated recording, often generated with a text-to-speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the keypad.
Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc.
DoS/DDoS: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a resource unavailable to its intended users. In VoIP, DoS attacks can be carried out by flooding a target with unnecessary SIP call-signaling messages, thereby degrading the service. This causes calls to drop prematurely and halts call processing.
Impact: Once the target is denied service and ceases operating, the attacker can get remote control of the administrative facilities of the system.
Solution: To protect against DoS/DDoS attacks, a firewall, policy control, blacklists/whitelists, … should be used.
Man-in-the-middle: The man-in-the-middle attack intercepts a communication between two systems.
Impact: The attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.
Solution: Use TLS or Mutual TLS (MTLS/SRTP) to prevent call hijacking.
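The TLS and SRTP protections named in the eavesdropping and man-in-the-middle entries can be verified per message. The following Python code is an added example, not part of the original text: it audits one SIP message with an SDP body for cleartext signaling and unencrypted media. The function name, finding labels and sample messages are constructed for illustration.

```python
import re

ENCRYPTED_TRANSPORTS = {"TLS", "WSS"}  # SIP over TLS, or over secure WebSocket

def audit_sip_message(raw):
    """Return a list of findings for one SIP message carrying an SDP body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    # Every Via hop names its transport: "Via: SIP/2.0/<transport> host:port".
    hops = re.findall(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    clear_hops = [t.upper() for t in hops if t.upper() not in ENCRYPTED_TRANSPORTS]
    findings += ["signaling-cleartext:" + t for t in clear_hops]
    # SDP media lines: "m=<media> <port> <profile> <formats>"; port 0 = stream refused.
    for media, port, profile in re.findall(r"^m=(\w+) (\d+)(?:/\d+)? (\S+)", body, re.M):
        if port != "0" and "SAVP" not in profile.upper():
            findings.append("media-not-srtp:" + media)
    # SDES (a=crypto) carries the SRTP key inside the SDP, so cleartext
    # signaling hands that key to anyone who can read the signaling.
    if clear_hops and re.search(r"^a=crypto:", body, re.M):
        findings.append("srtp-key-in-cleartext-signaling")
    return findings

# Constructed sample INVITE (not captured traffic); documentation addresses only.
PLAINTEXT_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
# Constructed variants: SRTP media with a placeholder SDES key line.
SRTP_MEDIA = "RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED\r\n"
SDES_OVER_UDP = PLAINTEXT_INVITE.replace("RTP/AVP 0\r\n", SRTP_MEDIA)
PROTECTED_INVITE = SDES_OVER_UDP.replace("SIP/2.0/UDP", "SIP/2.0/TLS").replace(":5060", ":5061")

if __name__ == "__main__":
    for name in ("PLAINTEXT_INVITE", "SDES_OVER_UDP", "PROTECTED_INVITE"):
        print(name, audit_sip_message(globals()[name]))
```

The middle sample shows why SRTP alone is not enough when keys are exchanged in the SDP: the media is encrypted, but the key travels in readable signaling.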