Richardson, Texas, June 8, 2009 - Sipera Systems, the leader in real-time Unified Communications (UC) security, today reported that VoIP toll fraud continues to escalate, based on evidence uncovered in numerous VoIP and UC architectures.
Across dozens of security architecture reviews and solution deployments, Sipera's security experts have discovered numerous cases of vulnerabilities commonly exploited for toll fraud, including confirmed fraud resulting in losses ranging from a few thousand dollars to hundreds of thousands of dollars.
The vulnerabilities affect both enterprises and service providers, and they stem from widespread gaps in VoIP and UC security architectures. Toll fraud occurs when unauthorized users, often external to the service provider or enterprise, exploit vulnerabilities to make toll calls to domestic or international locations. The unsuspecting enterprise or service provider is subsequently hit with extraordinarily high toll charges or call termination charges that have no clear cause.
"We'd expected a correlation between growing awareness of VoIP and UC vulnerabilities and security best practices, and a decrease in toll fraud activity. But we are finding the opposite, that toll fraud actually is on the rise," said Adam Boone, Vice President of Marketing at Sipera. "Our customers are being proactive and designing effective security architectures that prevent toll fraud. But fraudsters are aggressively figuring out how to exploit common security gaps found in many VoIP and UC deployments at enterprises and service providers that have not yet focused on this problem."
The primary security architecture shortcomings leading to toll fraud include:
Telecom Connectivity Vulnerabilities: Many enterprises have moved to SIP trunking for low-cost telecommunications connectivity. Unfortunately, these enterprises often rely on Session Border Controllers (SBCs) for security of real-time VoIP and UC traffic, making them highly vulnerable to toll fraud. In production security architecture analysis, Sipera has identified nine common configuration errors, vulnerabilities and functional limitations that leave enterprises using SBCs for VoIP security exposed to toll fraud risk.
Application-Level Vulnerabilities: In many cases, application servers, voicemail systems, and other communication systems can be easily exploited by fraudsters because of weak passwords and authentication schemes. Furthermore, security policy enforcement mechanisms in such systems are often inadequate to stop fraudsters from using them to gain access to toll calling facilities.
End-Point Vulnerabilities: Weak security on user devices and inadequate authentication schemes enable fraudsters to exploit these devices to pose as authorized users and gain access to toll calling facilities.
"Toll fraud has been around in many forms for a long time. But VoIP and UC bring with them new security architectures that give fraudsters new openings to perpetrate this old crime," said Ryan English, Vice President of Product Management at Vigilar.
"We are helping our clients to adopt proper security best practices to prevent toll fraud, and our work with our partner Sipera is helping to keep VoIP and UC security architectures well ahead of the fraudsters."
Vigilar (http://www.vigilar.com), a leading provider of information security solutions and services, helps customers improve their security postures.
Along with partners like Vigilar, Sipera Systems and Sipera's VIPER Lab security research and consulting arm offer these solutions to customers seeking to improve their defenses against toll fraud:
Security assessments: Sipera's VIPER Lab offers the industry's most advanced VoIP and UC security architecture consulting services, including VoIP penetration testing and comprehensive UC vulnerability assessments. Learn more at http://www.viperlab.net
Seamlessly integrated security appliances: Sipera's award-winning UC-Sec security appliances are the industry's only purpose-built, comprehensive security solutions designed for real-time VoIP and UC traffic. Used in dozens of deployments worldwide, UC-Sec prevents toll fraud in VoIP and UC via policy enforcement, access control, threat mitigation and encryption. UC-Sec fits flexibly into any security architecture to complement and enhance an enterprise's security posture.
About Sipera Systems
Sipera Systems, the leader in real-time UC security, enables enterprises to simplify and confidently deploy their VoIP and unified communications over any network to any device while service providers can protect and quickly offer new IP-based communication services. Backed by the extensive vulnerability research of the Sipera VIPER Lab, the Sipera UC-Sec products provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance. For more information, visit http://www.sipera.com.
Sipera, Sipera logo, Sipera UC-Sec, Sipera UC-Sec 210, Sipera UC-Sec 310, Sipera UC-Sec 410, Sipera UC-Sec 510, Sipera UC-Sec 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc.
Jan Jahosky, Turbo PR for Sipera Systems, 407-331-4699