SIP trunk security

Protecting your SIP trunk against hackers

Concerned about the risk of having your local network and SIP equipment hacked? Sonetel has a wide range of safety functions designed to protect your SIP trunk against hackers. This helps you minimize losses.

There are many stories of how companies have had their SIP equipment hacked, and how this has caused huge losses for them. How can such risks be avoided? How can your SIP trunk be protected against hackers?



Why hackers want to hack your SIP equipment

Telephony services is an area that attracts a lot of interest from hackers. The classical way for hackers to make money in this area, is by hacking into the telephone system at your office and then generate tens of thousands of calls to expensive destinations. The hacker can then collect a kick-back from the carriers of the numbers called. This is called International Premium rate.

There are many companies offering phone numbers services with kick-back (we do not). Anyone can sign up with such a service and start a hacker career in just a few minutes.

SIP equipment can be hacked if it is not properly secured behind a firewall. There may also be bugs/vulnerabilities in SIP equipment that can be used as back doors.

It doesn’t help if you have a great unique password in case the hackers knows the back doors into your equipment.


Hackers use scripts to find your SIP equipment

Hackers do not need to know your IP address in advance. They use scripts that scan millions of IP addresses, sending small packets of data to each, to see what they get in return. The error message they may get in return will be a “fingerprint” that exposes what kind of equipment that is on each port on each IP address. Once the script has generated a list of discovered IP addresses and IP ports connected to SIP equipment of the desired type, the hackers can use other tools and methods known to work with that specific brand and version of SIP equipment.

New approaches to hack equipment is invented everyday. Vendors naturally provide try to close security holes with upgrades, but hackers are usually one step ahead. Many companies are also lagging behind in their upgrade of their SIP equipment, which increases the risk of being hacked.

Even if you do everything in your power to protect yourself, there will always be remaining risks. You can never fully prevent hackers from gaining access to your SIP equipment. You can only make it more difficult for them to make it worth their while

Here is how we help protect your SIP trunk against losses caused by hackers.



Spending limits per day

One way that we protect your SIP trunk against hackers gaining access to your SIP equipment, is what commonly is called a “velocity limitation”. In other words, something that slows down the speed of potential losses.

Each Sonetel account has a daily spending limit on outbound calls. The default is $10, but this can be increased as per your request. The change is done manually by us, and cannot be done by someone that gets their hands on your Sonetel password (in case you don’t store it in a safe place). We strongly recommend that you keep this daily limitation fairly low.

If you reach 80% of the daily limit you will be notified instantly by email.


Concurrent calls limitation

Hackers usually try to generate significant amounts of calls in a short time. To prevent that from being possible, we have a limit on the amount of concurrent calls allowed per company account.

The default limitation on concurrent outbound calls is 5. If you need to be able to make more concurrent outbound calls than that, let us know, and we will adjust it.

This change is done manually by our team and cannot be done by anyone that gets access to your Sonetel account credentials (in case you keep your password in a not-so-safe-place).


Manual traffic monitoring

Our NOC (Network Operation Center) monitors traffic patterns manually. If we see something unusual in our total traffic patterns we will investigate it and contact you.


Protecting your hacked passwords

Many people have the bad habit of using the same password at many sites.

While we have never been hacked (to our knowledge) – other sites do get hacked on a regular basis – which gives hackers access to millions of email addresses and corresponding passwords used at those other sites. These emails and passwords are sold via Darknet or made public, allowing other hackers to try the same email/password pair on thousands of other services, to see if the user by chance have used the same password elsewhere, allowing the hacker the ability to sign in there with the credentials and abuse the user’s account.

We do our best to prevent your account from being abused in case you are use the same password for your Sonetel account as you do at some other site that gets hacked.

We do this by subscribing to updates of email addresses that are known to be hacked. If any of our customer’s email addresses are reported to be included in a password leak at another site, we will automatically lock the customers account in a way that forces a password reset upon the next sign in attempt. The account locking does not stop calls from working or the service in any way. It just prevents new sign in to our web portal.


These are just examples

We have an abundance of other security functions designed to protect your SIP trunk against hackers. But we do not disclose information about these.



Photo by Stillness InMotion and Jake Walker on Unsplash