Could your phone system be a security risk waiting to happen? Jason Green, Marketing Manager, Snom, said ‘yes,’ when we sat down to discuss the security of IP phones. He continued, saying: “When a burglar wants to break into a house, they generally conduct their own risk assessment before doing so.”
These individuals ask vital questions like: Is there anyone at home? How difficult would it be to open locked doors or windows? Is there an alarm system? If the answer is yes, can it be disabled with ease? These are similar considerations that Green says hackers weigh when hacking a business phone. “The principles are alike, but the scale is different,” he noted. According to Green, the global VoIP market could reach as much as $93.2 billion by the year 2024, making phone system hacking a lucrative enterprise for skilled cybercriminals, he continued:
“With the potential for intrusion growing each year, carriers, service providers, system integrators, IT administrators, users, and of course, hard/software vendors, as well as manufacturers, must focus on and improve network security”
Gaining access to a telephony system requires hackers to have the password of the device they want to break in to. Getting this password and compromising an IP-PBX system means that hackers have to identify an IP extension on the network and blast the device with various passwords with the hope that one will work. “Although this sounds like a long shot, many users do not change their passwords from the default setting,” said Green. He said that the way things work today, cyber intruders can send thousands of passwords to an extension within a few minutes, increasing their chances of success.
“Often, it does not take long for the hackers to guess the right password and logon to an IP-PBX system,” he maintains. Hackers can even identify vulnerabilities in a system so they can overwrite password requirements. There is also the concept of social engineering – this is when attackers use phishing methods like posing as IT administration so they can illicitly capture employee login credentials.
All the risk and for what kind of reward? Once a hacker gains access to an IP phone system, they can find plenty of creative ways to disrupt even the most seamless workflow, which could lead to revenue loss and more. A group of researchers at Check Point Research uncovered what they call ‘A large and likely profitable business model that involves hackers exploiting certain VoIP services.’ The act allowed them to make phone calls through a company’s compromised system.
There are even more creative kinds of attacks, ones that can lead to proprietary technology getting exposed along with other sensitive information that is sometimes held ransom only to get released for a sum of money. Green said this is why Snom not only provides what he calls a reliable lock for your back door, front door, hatch to the cellar, and all the rooms in your house – it even supplies the keys to these locks. Green added:
“It is still the homeowner’s job to ensure that the doors are actually locked, but we do run automated security test protocols every day to assist”
This means that Snom proactively finds and patches any security threat before customers discover that there is an issue. To complement this, Green said the Snom Service Hub is a portal where customers can find how-to articles and other valuable resources that teach them how to keep their devices secure.
