The problem of VoIP call fraud, particularly on networks running the Session Initiation Protocol (SIP), is growing. Call fraud occurs when attackers make use of IP connections to penetrate VoIP systems and make free calls at the expense of the victim. Many attackers make use of SIPVicious, a package that is freely downloadable from the Internet, to locate vulnerable systems. Any phone system with an Internet connection will have already been targeted.
If that system is not adequately protected, the attacker will then proceed to make calls. Often the first the victim knows about the problem is when their phone bill arrives. To quantify the problem, UM Labs recently set up a honeypot system to determine how long it would take for the system to be found. Within 24 hours the system was discovered and multiple calls were being made to overseas locations, including mobile phones in Mali and Haiti.
PBXs are vulnerable if they are not correctly configured. While a reputable SIP trunk provider will offer advice on correctly configuring the PBX, this can be a difficult task as the protection needed to block fraudulent calls can conflict with the configuration needed to allow access from remote users.
To solve this problem, UM Labs have added a number of sophisticated call fraud checks to their SIP Security Controller, an affordable Session Border Controller (SBC) designed for corporate use that, in contrast to some other SBC products, includes comprehensive SIP security to protect against call fraud and other threats.
The new call fraud controls include automated filters to detect and block attack tools such as SIPVicious, reinforced with controls to detect suspicious call patterns. These filters are complemented by blacklists that block known attack sources and can limit calls made via SIP trunks by country code or area code. The controls also include easily configurable call rate limits to prevent any user, malicious or otherwise, from making excessive volumes of calls.
Peter Cox, CEO of UM Labs, commented, “The call fraud controls in the latest release of our SIP Security Controller are designed to simplify the task of securing a SIP-based PBX and to allow a user to gain full benefit of a SIP trunk while minimising the risk of call fraud.”