Telephone System Hacked Into Remotely

An Inadequately Secured Telephone System Can Be Hacked Into Remotely

Did you know that some hackers and scammers target telephone systems?  Phone hackers are very good at what they do, and in just a few hours, you could be held liable for thousands of dollars worth of fraudulent charges.  In 2009, a Boston business owner was given a bill for nearly $900,000; just this past May, a St. Louis based real estate agent received a bill for around $600,000.  As a result of all of the the recent system hackings (like Snapchat, last week; Target, last month) people have security on their minds. Read on to learn about hacked telephone systems and what you can do to protect yourself and your business from phone hackers.

Ways Phone Hackers Can Exploit Improperly Secured VoIP Systems:

Call Forwarding

  1. Using easily available software, vulnerable phone systems are detected.
  2. The systems are hacked into — often by having the software rapidly test out passwords until the correct one is discovered.  This works, because people often do not change the default password, or they use a simple one like “1234”
  3. Finally, the hacked system is programmed to forward calls to a premium-rate number (ex: foreign country, satellite phone, toll number…).

Voice Mail

This can sometimes be done by guessing people’s voicemail passwords.

  1. After the phone hacker discovers the user’s voicemail password, the phone hacker calls and leaves a voicemail with a premium-rate number as a “call back” number.
  2. They’ll then log in to the person’s voicemail and initiate the call back, which ends up being routed to the premium-rate number.

Note: Other methods and schemes for exploiting VoIP, do exist.  The aforementioned are just a couple that are more common.   


How Does the Phone Hacker Profit?

  • The phone hacker will have a pre-arranged agreement with the provider of the premium-rate number (if they’re not the provider themselves), in which they will get a share of the profits in exchange for routing large volumes of calls to or through the premium-rate number.  The same thing goes for having a call routed through a satellite phone number, or other number: the phone hacker usually has a financial incentive — though, systems are sometimes hacked for other reasons.


What Can You Do to Protect Yourself and Your Business from Phone Hackers?

  1. For your voicemail, and with any equipment, change the default passwords.
    • Don’t use simple passwords like “0000” or “1234”.
  2. Ensure that your VoIP provider has the following options available. With Steadfast Telecommunications, the following are enabled by default (but can be changed at the request of the customer):
    • Calls to certain countries are blacklisted (blocked).
    • Calls to certain countries can be whitelisted (allowed) if you know that you will be making calls to these places.
      • If you opt for this, then the minimum number of phones possible should be authorized to initiate international calls.
    • Only permit calls to be placed when the per minute rate is less than or equal to a specified amount.
      • Likewise, block calls where a per minute rate is not known.
    • Calls should automatically be disconnected after a specified amount of time (with re-routing hacks, the hacker will keep the call going as long as possible to build up charges).
    • Block known premium-rate numbers (ex: 900s).
    • Phones should always have updated software
    • Proactive protection features:
      • Analysis of call patterns in order to detect unusual activity. Upon any such activity, the suspect calls can be terminated until you authorize them.
  3. You may want to consider using a prepaid account, once you know what your average monthly bills are. This way, if you are hacked, the amount that is prepaid is the greatest amount of money that you will be liable for. Once the limit is reached, your service is blocked until you add money to the account.
    • This one is especially a good idea since a lot of damage can be done in a very short amount of time.
  4. You should also consult with your provider to see what other options they offer for reducing your risk of becoming a victim of hacking and telephone fraud.

Don’t let your business become a victim of telephone system fraud.  In the cases of the Boston business owner, and the St. Louis real estate agent, they were given a reprieve from their phone companies (after being put through negotiations and stressful encounters with customer support).  It’s always better to be safe than sorry, and it doesn’t take very long for significant charges to add up (the real estate agent’s bill of $600,000 took less than 24 hours to accumulate).

As always, I encourage you to leave a comment below.

  • Do you have any questions about security regarding your Business’ own VoIP system? You can also call us at (855) 783-2332 if you would prefer.
  • Have you ever experienced your system being compromised by phone hackers, or know someone who has?  How was it resolved?