Evangelyze Community Site
VoIP Attack Rings Up $120,000 Phone Bill

An Australian company received quite a shock when they got their phone bill and found that it was $120,000 higher than they expected. Investigators determined that attackers were able to access the company's phone system and place over 11,000 unauthorized international calls within a window of about 2 days.

The reports so far seem a little light on details. It does seem, though, that the attackers compromised both traditional PBX and VoIP systems. Toll fraud of this type was around long before VoIP came into existence. In some cases, attackers are able to use social engineering tactics to trick a receptionist or employee into redirecting their call to an outside line. However, insufficient or inadequate security controls can also be exploited by attackers to allow their unauthorized devices to place calls through the system. Or, in some cases, attackers may just directly attack the VoIP server and gain access, which would allow them to change configuration settings and authorize any devices they choose.

Again, toll fraud and some other attacks common to VoIP security have been around since Alexander Graham Bell invented the phone. The threats and the attacks themselves are not new to VoIP. However, the convergence of VoIP onto the same IP network shared by the rest of the company's systems and the public Internet means that the voice systems are much more accessible, and that it is easier to automate attacks and execute them more quickly.

Companies employing VoIP solutions should begin by realizing that their VoIP hardware and software need to be protected at least as well as the other servers and applications on their data network. In addition, VoIP communications should be encrypted to prevent eavesdropping or call interception. Attackers might be able to gather information from unencrypted VoIP data packets that will allow them to compromise the VoIP system. One of the best defenses against this simple attack, though, is diligent monitoring. Call logs should be reviewed on a regular basis, or better yet, some sort of VoIP IPS or anomaly detection system should be used to automatically monitor activity and notify administrators and/or block suspicious activity when anomalies are detected.
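
As an added illustration of the call-log monitoring described above (this is not code from the original post or from any VoIP product), the sketch below scans call detail records for bursts of international calls from a single extension. The CSV layout, the thresholds, the sample records and the function names are assumptions made for the example; the 0011 prefix is the Australian international dialing prefix.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample CDR export (not real data):
# start time, extension, dialed number, duration in seconds
SAMPLE_CDR = """\
2009-01-17 09:02:11,201,0298765432,180
2009-01-17 09:15:40,202,0011442079460000,600
2009-01-18 02:00:05,305,0011882345678,45
2009-01-18 02:00:50,305,0011882345679,50
2009-01-18 02:01:30,305,+882345680,48
2009-01-18 02:02:10,305,0011882345681,52
2009-01-18 02:03:00,305,0011882345682,47
2009-01-18 14:30:00,202,0011442079460001,300
"""

def is_international(number, home_cc="61"):
    """Assumption: Australian dial plan (0011 prefix, or +CC other than +61)."""
    if number.startswith("0011"):
        return True
    return number.startswith("+") and not number.startswith("+" + home_cc)

def find_bursts(cdr_text, max_calls=3, window=timedelta(minutes=10)):
    """Return {extension: start time of the call that first pushed the
    extension above max_calls international calls in one sliding window}."""
    recent = defaultdict(deque)   # extension -> recent international call times
    alerts = {}
    rows = sorted(r for r in csv.reader(io.StringIO(cdr_text)) if r)
    for started, ext, dialed, _secs in rows:  # timestamps sort chronologically
        if not is_international(dialed):
            continue
        ts = datetime.strptime(started, "%Y-%m-%d %H:%M:%S")
        calls = recent[ext]
        calls.append(ts)
        while ts - calls[0] > window:         # drop calls that left the window
            calls.popleft()
        if len(calls) > max_calls and ext not in alerts:
            alerts[ext] = started             # notify or block at this point
    return alerts

if __name__ == "__main__":
    for ext, when in find_bursts(SAMPLE_CDR).items():
        print(f"ALERT extension {ext}: international call burst at {when}")
```

Extension 202 makes two international calls a day apart and stays below the threshold, while extension 305 is flagged on its fourth call inside the ten-minute window, early enough to alert or block before the calls number in the thousands.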


Posted 25 Jan 2009 7:27 by tony

Comments

Attackers Place $120,000 in Unauthorized Phone Calls - Unified Communications: Click to talk wrote Attackers Place $120,000 in Unauthorized Phone Calls - Unified Communications: Click to talk
on 25 Jan 2009 8:16

Pingback from  Attackers Place $120,000 in Unauthorized Phone Calls - Unified Communications: Click to talk

Tony's Blog wrote VoIP Security: The Basics
on 5 Feb 2009 13:49

It is no secret that VoIP is a popular and growing technology. VoIP, and its bigger, more converged,
