Here is a link to a YouTube video describing a new VoIP Security scanner/penetration tool named "Bluebox-ng". I have not played with it, but it looks pretty cool. It has been a while since we have seen any new VoIP security tools.
Here is a link to a good article in a national publication, the New York Times, on the growing issue of toll fraud. Toll fraud has been around for many years, but continues to get worse for a number of reasons.
Jon Arnold made several blog posts on toolbox.com on VoIP security. Here is a link to the latest one, discussing toll fraud:
Here is a link to a good video on VoIP and SIP security.
Patrick McNeil covers how to hack SIP servers, at service providers and enterprises, to make money. The presentation is useful because it covers why someone might bother to hack these servers, namely:
- Toll fraud or International Revenue Sharing Fraud (IRSF) - basically using someone else's PBX to generate calls to premium numbers set up by the hacker or where the hacker has an agreement with the owner to generate traffic.
- Telephony Denial of Service (TDoS) - using someone's PBX to target a business or individual. The attacker makes money through extortion.
- Robocalling/SPAM - using someone's PBX to make many SPAM or vishing calls to individuals (this was briefly mentioned).
At the end of the presentation, there is a brief TDoS demo.
Note that another way to make money is call pumping, where the calls are to 1-800 numbers and the attacker gets a share of the revenue, but this arrangement is more difficult to set up.
Here is an interesting article about the relevance and techniques for wardialing in 2014.
We just completed another video on VoIP and UC security. This one covers our recently released Communications Security - State of Voice Security Report.
The Hacking Exposed: Unified Communications and VoIP book is finally done!!!
Here is an online version of Avaya's VoIP Security for Dummies book.
Avaya published a "VoIP Security For Dummies" book on Slideshare.
J. Oquendo has created the "VoIP Abuse Project" or "VoIP Blacklist Project".
I am going to write a series of posts on Telephony Denial of Service (TDoS). I thought I would start with a brief description of how attackers actually generate automated TDoS attacks.
I did a question and answer article for the folks at Connect Converge on the topic of VoIP/UC security.
SecureLogix just released our 2013 Voice and Unified Communications State of Security Report.
By now most everyone has seen all the press surrounding security issues with Cisco UC/VoIP phones.
Here is a link to an article covering a couple of vulnerabilities with Cisco VoIP phones.
I thought it would be a good time to post MY OWN list of what I see as the 8 most common UC threats (I even provided a chart).
Here is a link to a brief article on the top 8, most common VoIP/UC security issues. I do agree with some of this, although I would have included toll fraud and TDoS as issues:
Here is a link to a new blog on UC/VoIP security.
Here is an article from earlier in the year on VoIP phishing/vishing.