As a VoIP device manufacturer, we would like to share our view of the VoIP attacks that we have experienced. We hope this article helps VoIP users understand more about VoIP attacks and take the correct measures to protect their Yeastar devices.
Why do hackers attack?
Generally speaking, the motive is financial, whether for free personal calls or for illicit business gain.
The exception is the white hat hacker, who might attack just for practice and to help the manufacturer improve its security features.
So what does the hacker want to obtain?
- Sensitive information, such as extension registration passwords and SIP trunk information.
- System root permission. Once the hacker has root permission, they are free to modify or steal sensitive information.
How does the hacker attack?
Basically in 2 stages.
The first stage is sniffing. It is likely to happen if port mapping has been set up on your device for SIP, HTTP, SSH or other ports.
Once the hacker has sniffed out the open ports, the second stage is the real attack. The hacker uses different kinds of tools to carry it out.
Pay attention to these 3 common ways:
- The hacker would try to use SQL injection to obtain sensitive information.
- A hacker who knows the SIP protocol well would try to exploit unauthorized REGISTER or INVITE packets through a brute force attack.
- As our system is based on Linux, the hacker would also try to get SSH root permission through a brute force attack or a Linux vulnerability.
How to prevent VoIP attacks on Yeastar devices?
This can be divided into 2 parts.
- Request an international call limit per time period, for example a limit of 5 international calls per minute.
- Also set up a limit alert, such as an alert call or alert email to your IT team, so that you can respond quickly.
- Avoid unnecessary port mapping, or use a VPN instead, whether a VPN gateway or the Yeastar VPN feature.
- Avoid using the default passwords for Web login and SSH login, and use complex passwords for extensions.
- Set up more security rules by following the security instructions: S-Series Security Settings
- Upgrade the firmware when a release includes security enhancements.
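
An added example, not Yeastar code: the limit of 5 international calls per minute and the limit alert from the list above, written as a sliding-window check over call records. The record format, the sample records and the `00`/`+` international prefixes are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample call records (not real data): "timestamp,extension,dialed number".
SAMPLE_CDR = """\
2024-01-01 01:15:00,1002,0033100000000
2024-01-01 01:58:30,1003,5550100
2024-01-01 02:00:01,1001,0044200000001
2024-01-01 02:00:05,1001,0044200000002
2024-01-01 02:00:09,1001,+4900000000001
2024-01-01 02:00:14,1001,0044200000003
2024-01-01 02:00:20,1001,0044200000004
garbled line
2024-01-01 02:00:27,1001,0044200000005
2024-01-01 02:00:40,1001,0044200000006
2024-01-01 02:01:30,1004,0049300000000
"""

INTL_PREFIXES = ("00", "+")      # assumption: how international numbers are dialed
LIMIT = 5                        # international calls allowed per window (from the article)
WINDOW = timedelta(minutes=1)


def is_international(number):
    return number.startswith(INTL_PREFIXES)


def find_limit_breaches(cdr_text, limit=LIMIT, window=WINDOW):
    """Return (timestamp, extension, calls_in_window) for every international
    call that takes the sliding-window count above `limit`.
    Records are assumed to be in chronological order."""
    recent = deque()             # timestamps of international calls inside the window
    alerts = []
    for line in cdr_text.splitlines():
        try:
            ts_text, ext, number = line.strip().split(",")
            ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue             # skip malformed records instead of aborting the scan
        if not is_international(number):
            continue
        recent.append(ts)
        while ts - recent[0] >= window:
            recent.popleft()     # drop calls that have aged out of the window
        if len(recent) > limit:
            alerts.append((ts_text, ext, len(recent)))   # hook for an alert call or e-mail
    return alerts


if __name__ == "__main__":
    for alert in find_limit_breaches(SAMPLE_CDR):
        print("ALERT: international call limit exceeded:", alert)
```

The check counts calls across the whole system rather than per extension, so a burst spread over several compromised extensions still trips the limit.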