How to avoid ‘phone phreaking’
What is a ‘Phone Phreak’?
A phone phreak is someone who loves exploring the telephone system and experimenting with it to understand how it works.
How does this affect you and your business?
The danger is that some ‘phone phreaks’ use their skills to make free telephone calls, wiretap telephones or steal telephone company equipment.
When a ‘phreak’ manages to break into a VoIP system, they can impersonate an authorized user to perpetrate toll fraud and use the system to place calls. The charges for these calls are then billed to the customer or system owner.
Impersonation attackers may take this a step further by recording conversations, which may include voice-sensitive passwords or pass codes for access to financial records.
Securing VoIP end points is a good way to mitigate the risk of ‘phreaking’!
So ‘telephone phreak’ has two meanings:
- On the positive side it describes somebody who is curious about the telephone network and likes to explore it.
- On the negative side it means somebody who likes to break into or abuse the telephone network or makes phone calls without paying.
Phone hacking or ‘phreaking’ is thought to cost the UK over £100 million a year! This may seem hard to believe, but past cases have seen bills of over £35,000 from hacking where system routers were used to make thousands of calls, most of them to premium numbers.
The risks and how to avoid them:
VoIP risks extend beyond toll fraud, voicemail hacks, and eavesdropping.
IP phones can be entry points into your business network, because VoIP call and voicemail message data are susceptible to data network attacks.
Whether you use a hosted IP phone service or an on site VoIP system, protecting the voice network is much like protecting the data network.
The security policies and technologies can be complex, depending on your goals (including compliance requirements), your users, applications and locations, and the IP phone system you are using, whether on site or hosted.
Take advantage of features on your VoIP system that enable security:
- Control voice network access by device certificate and/or user name and password.
- Restrict certain types of calls allowed on the network, by device, user, and other criteria, such as time of day.
Apply physical and logical protection:
- Set up a firewall and intrusion prevention system (IPS) to monitor and filter unauthorized VoIP traffic, and track unusual voice activities.
- Centralise administration, and use domain restrictions and two-factor authentication for administrative access, including access to the credentials, signalling data, and configuration files.
- Regularly install OS updates, and limit software loading on phones.
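The time-of-day call restriction and the tracking of unusual voice activity described above can be checked against call records. The following Python is an added example, not part of the original article: the CSV layout, the restricted prefixes, the business hours and the burst threshold are assumptions, and the call records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call detail records (CDRs). The column layout is an
# assumption; real phone systems export their own formats.
SAMPLE_CDR = """start,extension,dialed,seconds
2024-03-04 10:15:00,201,01614960000,180
2024-03-04 14:02:00,202,09098790001,60
2024-03-05 02:11:00,203,09098790002,600
2024-03-05 02:13:00,203,09098790002,610
2024-03-05 02:16:00,203,0015550100,900
2024-03-05 02:20:00,203,09098790003,620
2024-03-05 09:30:00,201,01614960001,45
"""

# Assumed policy values for illustration.
RESTRICTED_PREFIXES = {"09": "premium", "00": "international"}
BUSINESS_HOURS = range(8, 18)   # 08:00 to 17:59
BURST_THRESHOLD = 3             # restricted out-of-hours calls per extension per day


def classify(dialed):
    """Label a dialed number by its prefix."""
    for prefix, kind in RESTRICTED_PREFIXES.items():
        if dialed.startswith(prefix):
            return kind
    return "standard"


def review_cdrs(cdr_text):
    """Return (out-of-hours restricted calls, (extension, day) pairs over threshold)."""
    violations, per_ext_day = [], Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        kind = classify(row["dialed"])
        if kind != "standard" and start.hour not in BUSINESS_HOURS:
            violations.append((row["start"], row["extension"], row["dialed"], kind))
            per_ext_day[(row["extension"], start.date().isoformat())] += 1
    bursts = sorted(k for k, n in per_ext_day.items() if n >= BURST_THRESHOLD)
    return violations, bursts


if __name__ == "__main__":
    calls, bursts = review_cdrs(SAMPLE_CDR)
    for call in calls:
        print("out-of-hours restricted call:", call)
    print("extensions to investigate:", bursts)
```
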
Implement strict security with users!
Apply strong passwords to access the voicemail box. Immediately change the default password to a strong password, and then change it as often as your company policy dictates for changing login and email passwords, preferably monthly – it may seem like extra hassle but it helps prevent ‘phreaking’!
Make sure users delete sensitive voicemail messages as soon as they have listened to them. Not storing voicemails is the easiest and most effective way to protect them!
Immediately report anomalies. You may not know a phone has been hacked until an employee reports an odd occurrence, such as a saved voicemail message that has been deleted or forwarded to an unusual number.
These are just some of the security measures that you would need to think about when adopting cloud telephony and to avoid ‘phone phreaking’ in general!
For more information on telephone fraud, check out our ‘Guide to Combating Telephone Fraud’.
If you have any issues or would like to know more about protecting yourself from cyber criminals, contact Concert on:
0808 208 2400 or visit our website: www.concertnetworks.co.uk