's Blog

For All Your Phone System Needs

VoIP Security Threats

Upgrading to a VoIP phone system can provide businesses with many benefits. In comparison to analog phone systems, Voice over Internet Protocol offers a wider range of capabilities and features. But this can also open up a new set of potential security issues. Luckily, with these potential threats come a multitude of solutions.

Before you upgrade, it is important to understand the risks and prepare accordingly. Here are some common VoIP security issues and how you can solve them.

Spam over Internet Telephony (SPIT) is like spam email in that it involves unsolicited messages (usually generated automatically) that waste time and serve as a nuisance. However, it is often underestimated because some SPIT calls try to scam you. SPIT is also harder to detect than spam email because you can’t know the content of the call until you pick up, in contrast to emails where you can read the subject line.

To safeguard against this, some providers include a robocall blocking feature within their plans, which improves over time as more hackers are detected and blocked. Or you can sign up with the cloud-based blocker Nomorobo, which won a Federal Trade Commission (FTC) challenge to develop a tool against robocalls. It works by quickly routing calls through a second line to identify SPIT. Another solution is to manually block specific numbers that send unwanted calls. With this method, you may still end up with a lot of junk calls because SPIT callers can easily falsify their phone number (a tactic used by traditional phone scammers).

Unencrypted Traffic
On a VoIP call, data flows from your device to your ISP to your VoIP provider to the person or people you are calling. If your call data is unencrypted, someone could potentially eavesdrop on your conversation at any of those points. Any personal information disclosed over the call is susceptible to being stolen. It is true that analog phones are also unencrypted, but VoIP phones are easier for cybercriminals to target because the data flow is less centralized compared to the traditional telephone system.

The easiest way to safeguard against this is to find a VoIP service that provides encryption for your calls, which most providers offer by routing calls directly through their cloud servers. Or you can set up a virtual private network (VPN) compatible with VoIP. These create an encrypted private network and establish a direct line of communication that is difficult to intercept, however, these do require an increased amount of bandwidth. If you have dial-up or satellite Internet with a slow connection speed, a VoIP VPN may significantly decrease the quality of your calls, while those with high-speed Internet connections will likely not see much of a change.

The ability to access your number and voicemail from anywhere using a computer or mobile device is one of the major draws of VoIP. But, unfortunately, this also leaves your phone system vulnerable to hackers. Since VoIP is connected to the Internet, hackers have lots of different ways that they can attack your account, from stealing information to gaining control of your system.

While no VoIP provider can completely protect you from hackers, there are ways that you can minimize your risks. You can do so by practicing good computer safety and cybersecurity habits. For example, always change your passwords and PINs from the default options, and make sure you use strong passwords. If you have a Wi-Fi network, protect it with Wi-Fi Protected Access (WPA) protocol and set a strong password as well. Every computer and device on the same network as your VoIP should have updated software, be scanned for viruses regularly and use caution when downloading programs or clicking links. A single compromised system can quickly infect an entire network. Hackers can easily lurk on free Wi-Fi hotspots, so when you’re out and about, be wary of using these to make VoIP calls. If hackers spot VoIP traffic, they can listen in on your call or inject malware into your device.

Unfortunately, VoIP hardware (ex. analog telephone adapters, IP phones) may carry vulnerabilities that manufacturers are unaware of until later. While firmware updates can fix these issues, in order to apply those updates, you must be aware of the issues in the first place.

To stay informed, it’s important to periodically check if the manufacturer has posted any security advisories and patch or update your hardware as soon as possible.

DDoS Attacks
Distributed denial of service (DDoS) attacks are increasing in frequency every year. Most people need not worry about DDoS attacks, however, those who run online businesses or do anything that places you in the public eye (ex. blogging, streaming) are at a greater risk. A DDoS attack against your IP address will overwhelm your Internet service and temporarily disrupt your VoIP system.

At home, a VPN is the best way to safeguard against DDoS attacks. Aside from encryption, VPNs protect your true IP address, preventing attackers from sending spam to the right location. VPNs may help businesses as well, but if you think your business is large enough to be a high-profile target, investing in dedicated DDoS safeguards might be a better route.

Of course, all of these threats may seem overwhelming, but with the proper security measures are in place, you can rest easy.

How do you deal with VoIP security threats? Share with us on Facebook, Google+, Twitter, LinkedIn, and Pinterest.

For a great selection of IP phones, SIP phones, VoIP phone systems, and more, visit Feel free to call 800-564-8045 with any questions.

Article Name
VoIP Security Threats
While the benefits of upgrading to VoIP are tremendous, the security risks can be worrying. Here are some common threats and ways to combat them.

Tags: , , ,

Phone System Support