VOIP Hacked?

VOIP setup and troubleshooting
Post Reply
LindaB
Posts: 76
Joined: Wed Feb 24, 2010 10:56 am
Location: Australia

VOIP Hacked?

Post by LindaB » Sun Jan 15, 2017 4:42 am

There are some suspicious entries on my latest VOIP bill & I know I definitely did not make calls to a number located in Bosnia. I have gone through my logs on the phone & the modem which show I did not make those calls. I never make international calls & these were all to the same number one after another for under 30 minutes each.
I have emailed billing about it & I also requested they block my VOIP service until it has been investigated so have to wait for them to act on it. Right now I am trying to work out how this happened & how to stop it again so any advice is welcomed because VOIP is new to me even tho I am a retired National network manager for mainframes & desktop networks.
My question is: Can VOIP be hacked & if so how do I prevent it ever happening again?
I do not make any calls via my computer & use an actual phone connected to the modem for my service so somehow they must have gained access to the account another way. I have security software on all of my computers which is updated automatically on a daily basis.

User avatar
Dazzled
Volunteer Site Admin
Posts: 5999
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: VOIP Hacked?

Post by Dazzled » Sun Jan 15, 2017 8:29 am

They need your login details for the SIP registrar server. These are sent by your equipment or softphone when it registers, so wireless can be eavesdropped. Mobile devices can be mislaid. Softphones give up their information if the computer is compromised.

Call back and call forwarding features can be abused.

Every listening device has port 5060 open for UDP calling signals. A quick probe can spot this. The next step is to see if the modem has an open port or weakness that can be used for admin. If they can enter your system, or your ATA, they have your registration details. Never permit external config access.

I use a Linux gateway, and when I look at the logs I often see VoIP probes and a rejected packet for telnet or a Windows weakness shortly after. Domestic modem routers use the same iptables firewall.

VoIP is portable, you can telephone from anywhere with the account details. The user facility can restrict IP registration. Theft of service is a major international racket.

Post Reply