The Security Risks Associated With Voip

The Security Risks Associated With Voip

Enterprise Networking Mag | Saturday, September 17, 2022

VoIP can be secure, but an overall cybersecurity framework must protect it. VoIP phones and plug-and-play networks may tempt some business owners, but these "easy" options leave businesses vulnerable to avoidable security threats.

FREMONT, CA: Changing office environments are not a secret. Remote work became feasible due to the pandemic, which accelerated the evolution. Zoom calls from the patio have replaced conference rooms and office buildings almost overnight.

Traditional office phone lines were the only technology that could not keep up. Premises-based phone systems still require a person to be at their desk or a receptionist to direct and route calls manually.

Voice over Internet Protocol (VoIP) phone systems have emerged. These systems utilize the internet rather than traditional phone lines and cabling, allowing for a level of network agility that is unprecedented. Suddenly, calls to the primary office line can be redirected to a receptionist in a different city and seamlessly connected to three representative cities (or states) away. A seamless and instantaneous user experience eliminates geographical limitations. VoIP systems are frequently more cost-effective and scalable than analog alternatives, making a good thing even better.

Overall, it is a desirable option for companies and organizations. This raises the fundamental question: is VoIP secure?


Businesses are entering the field of cybersecurity using the internet to conduct these calls. Here are some factors to consider.

Session Initiation Protocol (SIP): A Necessary Vulnerability

A VoIP phone call is more than just a phone call; it is a collection of data transferred online. SIP is the protocol that allows the device to communicate with the device businesses are calling by establishing a virtual connection and opening the line of communication. And, similar to any other digital message, it can be intercepted if the appropriate safeguards are not in place. SIP is not particularly secure by itself: It is essentially a text-based protocol, unlike email.

How can businesses safeguard their safety?

Confirm that the VoIP provider offers a secure connection.

Deploy a firewall that supports SIP to filter incoming calls for malicious content.

The IT team can establish a virtual local area network (VLAN) for internal communication. This is ideal for communication within the secure, private network's protected walls. It is ideal for internal communications but not for incoming or outgoing communication.

Denial-Of-Service (DoS) Attacks

There have been infamous examples of these in the news recently, including an attack on Google itself. In a Denial of Service (DoS) attack, the perpetrators flood the network with traffic (digital information packets), thereby preventing legitimate calls and communications. It would be comparable to clogging an already congested intersection with traffic, resulting in a complete standstill.

Vishing (Voice Phishing)

Phishing emails aim to dupe recipients into providing information that opens a major security breach with deceitful subject lines and convincing sender information. The same threats apply to VoIP systems; replace caller-ID with the subject line and forge sender details.

This coincides with the STIR/SHAKEN protocol and the FCC's intensified efforts to combat robocalls. This protocol reduces "spoofing" by digitally authenticating phone numbers, ensuring calls are from the actual sender. Multifactor authentication (MFA) is a robust solution for VoIP, requiring users to input credentials before system access.

Weekly Brief

Read Also