VoIP Security Concerns
VoIP Protocols and Media Not Encrypted
No Centralized Username/Password Management
Many devices configured with default passwords (phones,
analog adapters, SIP Accounts, etc)
VoIP System becomes central point of convergence for Data,
Network services, and voice.
VoIP Depends on unsecured network services (TFTP/FTP)
Social Engineering Concerns
VoIP Systems open new line of communication from outside
world (PSTN) into network services.
VoIP is not Encrypted
Cisco is one of few vendors currently supporting SRTP
encryption of voice media streams (Call Manager 4.1,
SKINNY protocol). It is not enabled by default, and works
only with supported phones.
SRTP is not secured for use across the public internet.
The SRTP headers may be exposed, rendering the
When using VoIP across the public internet use VPN
technology to secure your calls.
Intraoffice VoIP can be secured by using a separate
network or VLAN for Voice traffic if SRTP is not available.
Demonstration of Call Interception
Default Administration Passwords
VoIP handsets can be locally configured, and
have default administration credentials which
are easily found on the internet.
With these credentials users can change their
extension number, codec settings, and much
Can Cause effective DoS attack.
Can be used to masquerade as someone else.
Attack performed by reconfiguring a phone to
have the same SIP user id as another phone.
Could be massively applied to redirect all calls
for entire enterprise to a different entity.
No Centralized User Management
No Vendor supports integration to directory services for SIP
user management ( Unless external Radius Authentication is
Some systems may store username/passwords in unencrypted
flat files, or unencrypted databases.
With a SIP username and password, a person can masquerade
as someone else.
Because there is no centralized management, maintenance is
difficult. This causes people to use a single username and
password for all phones, or use a person's extension number as
both username and password.
VoIP Center of Communication
VoIP Systems allow easy integration of multiple
VoIP System must communicate with many
different network services.
This can create a central store of credentials,
which if compromised could grant access to
VoIP Depends on TFTP/FTP
TFTP and FTP are unencrypted protocols.
Many VoIP phones use these protocols for automated configuration
and software updates.
A user on the network could upload a bad software load for all of the
phones, causing them to crash, lose features, or even cause them to
A malicious user could upload bad configuration files for phones,
causing similar problems. Also they could use this means to perform
spoofing attacks mentioned earlier.
Both Polycom and Cisco require that the configuration directory be
writeable as they use the directory to upload log information as well
as per phone configuration overrides.
Social Engineering with VoIP
Caller ID Spoofing
– Make Called Party think you are someone else
– Attempt to gain information or access that you shouldn't have
Incoming Call Spoofing
– Make Calling Party believe you are someone else
– Gain information you shouldn't have
Outgoing Call Redirection
– If VoIP System is breached, attacker could redirect an outgoing call to
himself to gain information.
New Public Access Avenue
Integrated VoIP Systems open your network to
a new public access mechanism namely the
If Dialplans, IVRs and Menus are not properly
implemented, attackers can gain access to
private information or system resources.
Encrypt VoIP Traffic
Where ever possible encrypt VoIP Traffic with
If VoIP is implemented on a corporate LAN use
SRTP if it is available, if not, attempt to
segregate VoIP traffic from normal data traffic
using either VLANs or a completely separate
If Cisco Call Manager is in use, use the latest
version that supports encryption, and enable
Use Unique Username/Password
Phones should be configured with non-default
Enable authentication on SIP accounts.
SIP accounts should use unique usernames
and passwords (not just extension numbers).
Because of the lack of centralized management
this is cumbersome to implement but worth it.
Secure VoIP System
Ensure that VoIP System is not accessible from
Use “good” passwords on all accounts on VoIP
All integration with external systems should be
achieved using encrypted protocols and
Store as few passwords as possible on VoIP
Secure VoIP Configuration
If phone configuration relies on FTP (Polycom) use non-default
username/password for FTP account.
If phone configuration relies on TFTP you must implement an
auditing process of the configuration files.
Unfortunately, because these protocols are unencrypted, a
determined user can gain access to these directories and
reconfigure phones pretty much at will using techniques already
Internal Firewalls/ACLs should be configured to block telnet and
http traffic from reaching voice VLANs or subnets.
Social Engineering Resolution
VoIP Social Engineering is no different from other social
engineering issues already known.
Users need to be trained on proper procedure, and must
not violate procedure based on any “trust” factors that may
Spoofing CallerID and Called Party information with VoIP
is very easy. Users must be trained not to trust CallerID.
VoIP Systems should have security audits often to ensure
that the system has not been compromised allowing a
malicious user to redirect outbound calls.
Secure All Access Avenues
VoIP Integration projects often open database,
CRM, customer information, or employee
information to access from the PSTN.
All PSTN access routes should be guarded by
PINs at the very least. PINs should not be
empty or set to a default.
All configuration menus should be guarded by