Page 1 of 1

VOIP Hacked?

Posted: Sun Jan 15, 2017 4:42 am
by LindaB
There are some suspicious entries on my latest VOIP bill & I know I definitely did not make calls to a number located in Bosnia. I have gone through my logs on the phone & the modem which show I did not make those calls. I never make international calls & these were all to the same number one after another for under 30 minutes each.
I have emailed billing about it & I also requested they block my VOIP service until it has been investigated so have to wait for them to act on it. Right now I am trying to work out how this happened & how to stop it again so any advice is welcomed because VOIP is new to me even tho I am a retired National network manager for mainframes & desktop networks.
My question is: Can VOIP be hacked & if so how do I prevent it ever happening again?
I do not make any calls via my computer & use an actual phone connected to the modem for my service so somehow they must have gained access to the account another way. I have security software on all of my computers which is updated automatically on a daily basis.

Re: VOIP Hacked?

Posted: Sun Jan 15, 2017 8:29 am
by Dazzled
They need your login details for the SIP registrar server. These are sent by your equipment or softphone when it registers, so wireless can be eavesdropped. Mobile devices can be mislaid. Softphones give up their information if the computer is compromised.

Call back and call forwarding features can be abused.

Every listening device has port 5060 open for UDP calling signals. A quick probe can spot this. The next step is to see if the modem has an open port or weakness that can be used for admin. If they can enter your system, or your ATA, they have your registration details. Never permit external config access.

I use a Linux gateway, and when I look at the logs I often see VoIP probes and a rejected packet for telnet or a Windows weakness shortly after. Domestic modem routers use the same iptables firewall.

VoIP is portable, you can telephone from anywhere with the account details. The user facility can restrict IP registration. Theft of service is a major international racket.