Office 1

Attacks on VoIP - Denial of Service (DoS) Attacks

Written by Steve Ellis | January 31, 2020

Gone are the days of copper wires that transmitted phone signals from the early days of telephones; we’ve found yet another use for the internet: phone service. Since VoIP is a digital version of our old analog system, it’s an entirely different approach to voice communication. Unlike in the past, when businesses required switching hardware and telephone sets, VoIP is heaven-sent since it requires little more than an inexpensive headset attached to a computer.

 

 

As the Internet has evolved and become universally available, so has VoIP. As of 2013, 25% of U.S. households were using VoIP in place of their old landlines. Today, most medium to large businesses all over the world are using it, and it is expected to continue to grow rapidly well into the future. 

With all the features VoIP makes available to business, it’s the obvious way to go for your phone service. However, as with any of the life-changing improvements the internet has given us, one thing is often forgotten and thought about last: security! For this discussion regarding VoIP systems, we’re going to look specifically at Denial of Service (DoS) attacks.

 

What is a DoS Attack

 

A Denial of Service attack is an attack on a network or device, preventing it from providing service or connectivity. A DoS is carried out by consuming the bandwidth of its target, flooding it with requests that prevent it from performing its useful functionality of serving legitimate requests for data or communication. 

When most people think of cyber attacks, they think of viruses, ransomware, and the like; but, those aren’t the only types of attacks that can wreak havoc on computing systems. For those who utilize VoIP systems, DoS attacks can cripple their telephone communication systems. If you have a VoIP system, it’s crucial that you learn how to safeguard your system from these dangerous invasions.

 

Understanding SIP

 

In order to better comprehend the different types of VoIP DoS attacks, it’s important to understand Session Initiation Protocol (SIP) since you’ll see the phrase in the descriptions of the types of attacks. While VoIP refers to the “type” of phone call, SIP refers to the “protocol” used for setting up those calls. It defines the messages sent between endpoints and it establishes the elements of a phone call. Most IP phones you see in offices and businesses today are SIP-compatible phones, enabling those phones to make VoIP calls. Below are a few examples of VoIP DoS attacks.

 

Types of DoS Attacks on VoIP

 

Call Flooding - Call Flooding, sometimes called Mass Calling, is a DoS attack that involves directing large numbers of calls to a specific target for the purpose of preventing the normal operation of telephone services. In the case of call flooding, phones are kept ringing almost constantly. As soon as one call is cleared, the phone rings again. 

This type of attack doesn’t prevent all legitimate calls from reaching their destination, but depending on the severity of the attack, it can sharply limit a business's ability to communicate. This type of attack limits both incoming and outgoing calls. Call flooding is sometimes used as a way to extort payment from the victim to stop the attack, or to act as a cover while financial fraud takes place. 

Message Flooding - A SIP Message Flooding attack involves sending more SIP messages to the target than it can handle. If the target has insufficient memory or processing power to deal with the attack, it will either stop processing calls or cause other functions of the system to simply stop working.

 

Malformed Messages - A Malformed Message attack uses a SIP message that either does not comply with the relevant SIP specifications or that the SIP stack / SIP parser of the target is not able to process correctly. The intention of a SIP Malformed Message attack is to cause the recipient of the attack to stop processing calls effectively.

Caller ID Spoofing - Sometimes, malicious individuals will conduct caller ID spoofing. Attackers use spoofing to obtain information or facilitate scams against their targets. If an attacker can detect an insecure phone system default configuration, they can make, receive and transfer calls, using victims’ devices for covert surveillance.
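For the Malformed Messages item above, this is an added example (not code from the original article or from any SIP product) of the strict pre-parse check a perimeter device can apply before a request reaches the phone system's SIP stack. The function name, the 8192-byte size cap and the sample message are assumptions made for the illustration; the required header set follows RFC 3261.

```python
import re

# Header fields every SIP request must carry (RFC 3261, section 8.1.1).
REQUIRED = {"via", "from", "to", "call-id", "cseq", "max-forwards"}
# Compact header names from RFC 3261 mapped to their long forms.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) SIP/2\.0")
MAX_MESSAGE = 8192  # assumed size cap for this example, not an RFC value
# Constructed sample request (documentation addresses only).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        b"Max-Forwards: 70\r\n"
        b"To: <sip:bob@example.com>\r\n"
        b"From: <sip:alice@example.com>;tag=1928301774\r\n"
        b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
        b"CSeq: 314159 INVITE\r\n"
        b"Content-Length: 0\r\n\r\n")


def validate_sip_request(raw: bytes) -> list:
    """Return a list of problems; an empty list means the request passed."""
    if len(raw) > MAX_MESSAGE:
        return ["message exceeds size cap"]
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line terminating the headers"]
    lines = head.decode("utf-8", "replace").split("\r\n")
    start = REQUEST_LINE.fullmatch(lines[0])
    if not start:
        return ["bad request line"]
    problems, headers = [], {}
    for line in lines[1:]:  # folded (continuation) header lines are rejected here
        name, colon, value = line.partition(":")
        key = name.strip().lower()
        if not colon or not key:
            problems.append("unparseable header line")
            continue
        headers.setdefault(COMPACT.get(key, key), value.strip())
    problems += [f"missing required header: {h}" for h in sorted(REQUIRED - headers.keys())]
    cseq = re.fullmatch(r"([0-9]{1,10}) ([A-Z]+)", headers.get("cseq", ""))
    if "cseq" in headers and (not cseq or cseq.group(2) != start.group(1)):
        problems.append("CSeq malformed or method mismatch")
    hops = headers.get("max-forwards")
    if hops is not None and not (re.fullmatch(r"[0-9]{1,3}", hops) and int(hops) <= 255):
        problems.append("Max-Forwards not in 0-255")
    length = headers.get("content-length")
    if length is not None and not (re.fullmatch(r"[0-9]{1,10}", length) and int(length) <= len(body)):
        problems.append("Content-Length malformed or longer than body")
    return problems
```

Requests that return a non-empty list are dropped and logged at the perimeter instead of being handed to the SIP parser.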

 

Why VoIPs Are Targeted by DoS Attacks

 

As discussed, VoIP DoS attacks are generally carried out by flooding a target with unnecessary SIP call-signaling messages, thereby degrading the service; but why would someone unleash a destructive attack on a phone system? 

There are a variety of reasons. For instance, the attacker may want to halt proper operation of the target while gaining remote control of the victim’s system, where they can then do their damage. The attacker may hope to extort money from the organization they attack with the threat of continuing the attack until the ransom is paid. An attack may be launched in an attempt to disparage the brand name reputation of a company for unscrupulous reasons. At its very worst, a DoS attack may be launched for the purposes of political or state-sponsored terrorism.

 

Preventing DoS Attacks on Your VoIP System

 

Despite the vulnerability of your VoIP system to DoS attacks, there are steps you can take to protect your system. You can protect your phone system using a SIP-aware firewall system at the VoIP network perimeter. The device works on the outer perimeter and separates legitimate VoIP traffic from VoIP attack traffic, allowing only legitimate traffic through to the system.
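One way a SIP-aware perimeter device can separate message-flood traffic from normal signaling is a per-source request budget. The sketch below is an added example, not code from the original article or from any firewall product; the class name, the 10-second window, the 20-request limit and the sample traffic are all assumptions chosen for the illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0  # assumed sliding-window length
MAX_REQUESTS = 20      # assumed per-source budget inside one window
# Methods that make the server allocate transaction or dialog state.
RATE_LIMITED = {"INVITE", "REGISTER", "OPTIONS", "SUBSCRIBE"}


class SipFloodGuard:
    """Per-source sliding-window limiter for state-creating SIP requests."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window, self.limit = window, limit
        self.recent = defaultdict(deque)   # source -> timestamps of admitted requests

    def allow(self, ts, src, method):
        if method not in RATE_LIMITED:
            return True                    # e.g. ACK/BYE for calls already admitted
        q = self.recent[src]
        while q and ts - q[0] >= self.window:
            q.popleft()                    # forget requests older than the window
        if len(q) >= self.limit:
            return False                   # over budget: drop and report
        q.append(ts)
        return True


def dropped_per_source(events):
    """events: iterable of (timestamp, source_ip, method), in time order."""
    guard, dropped = SipFloodGuard(), defaultdict(int)
    for ts, src, method in events:
        if not guard.allow(ts, src, method):
            dropped[src] += 1
    return dict(dropped)


# Constructed traffic: one phone placing a call every second, and one source
# sending 50 REGISTER requests within a single second.
SAMPLE = [(float(t), "192.0.2.10", "INVITE") for t in range(10)]
SAMPLE += [(5 + i * 0.02, "198.51.100.7", "REGISTER") for i in range(50)]
SAMPLE.sort()

print(dropped_per_source(SAMPLE))
```

Because SIP commonly runs over UDP, where source addresses can be forged, a per-source budget like this is normally paired with an overall cap on new requests.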

 

 

To become even safer from attack, you must protect more than just your VoIP system. You must also protect your network. The servers and software that run the phone system need to be hardened against attack. A DoS attack launched against the servers that run the Domain Name System (DNS) could result in a disruption of the VoIP system since the phone system relies on DNS to resolve the IP addresses for the VoIP devices. Mitigation of these types of attacks can be done using common network security practices: firewalls to block traffic, along with routers and switches set up with proper security settings.

Also, if you have an outside VoIP provider, they should have the required security measures in place to help prevent DoS attacks. It’s in their best interest to build rock-solid security into their systems since they have many customers using their service. 

Whatever your VoIP configuration, don’t wait until a disaster occurs to address this type of threat. It’s much easier to stop a DoS from happening to your VoIP than to clean up the mess that one individual can impose on your entire enterprise.