Cookie Preference Centre

Your Privacy
Strictly Necessary Cookies
Performance Cookies
Functional Cookies
Targeting Cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, your device or used to make the site work as you expect it to. The information does not usually identify you directly, but it can give you a more personalized web experience. You can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, you should know that blocking some types of cookies may impact your experience on the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used

Performance Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used

Google Analytics

Functional Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used




Targeting Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used


This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties


Upcoming Events

How To Get Published on




How To Enter the 2020 Members' Choice Awards - For Vendors

Voice Hacking - No Victim Is Too Small - Dialogic - Blog

Voice Hacking - No Victim Is Too Small

Everywhere in the world, small and big enterprises spend a considerable part of their budget on Antiviruses, Firewalls, and other appliances to protect their network and data. The typical network hacker usually targets the larger enterprises which are potentially a better mark with deeper pockets and lucrative secrets to keep. The PBX hacker though does not care about your enterprise size, because you can be as lucrative as any other company one hundred times bigger than you. When telephony shifted to IP, it brought many advantages, but it also exposed the voice to the same threats as the network. Being able to access your extension and use it outside the office via internet is great for both you and the hacker. It opens a potential door that the older PSTN PBX’s had not. Interestingly enough, most of the time, IT administrators are concerned about the Wi-Fi, router, email, and other services authentication processes but end up neglecting the PBX. Maybe the new mindset hasn’t settled in yet and the PBX is not being given the same importance as the company’s firewall or router as a defense point of the enterprise network.

Not long ago, I witnessed a situation at a small enterprise that got a two hundred thousand US dollar phone bill. The cause was simple: a default password had not been changed on the PBX which was connected to the Internet. This resulted in thousands of calls fraudulently made to exotic locations such as Sierra Leone and Moldavia. With typical network hacking methods, such as Ransomware or others, the victim has the choice to pay the hacker or not. The only consequence of the decision of not paying the hacker will be the data not being recovered. On the other hand, you cannot exactly tell your service provider you are not paying the phone bill because you were hacked…The severity of this issue is not to be ignored and can bring even a decent sized company to its knees. Yes, VoIP brought tremendous advantages but it also introduced several deadly traps. Luckily, protecting the enterprise voice service has evolved and it does not depend exclusively on the IT administrator using complex passwords or firewall rules.

The evolution of Unified Communications (UC) and subsequently Unified Communications as a Service (UCaaS) has hardened the defensive mechanisms of enterprise communications. The fact that the systems can run on a typical COTS server with increased compute power allows running complex defense mechanisms when compared to the ability of old hybrid PBXs. One of these mechanisms involves Machine Learning (ML). The typical voice protection systems are based on rules, which in my view can either be too permissive and still allow some dubious behaviors to occur, or too strict and have the IT administrator waste more time acknowledging false positives and adding certain numbers or routes to the whitelist. When it comes to enterprise voice, one cannot assume that the premise “one size fits all” applies. Each enterprise has different call behaviors. Just because a country is likely to be connected to call fraud, does not mean every single call to that country is fraudulent. This is where ML is extremely effective. It can analyze your typical trends and behaviors and flag only what is unusual. Rules are static and a hacker can get around them simply by testing the waters until he finds the weak spot. ML is dynamic and the alarm threshold changes based on the current call flows when compared with the historical behavior.

When choosing a UC or UCaaS system, do not overlook the type of protection it offers. Chose a system that offers real-time detection and dynamically changes the permissions based on your company’s profile. The previously mentioned small enterprise that got hacked could have benefited from this since an ML-enabled system could have flagged and blocked those calls. If not for the unusual destination, it would definitely have spotted the sheer unusual number of calls. The typical excuse for not getting proper protection for the voice system is that the enterprise is too small and doesn’t need to spend that amount in “just” protecting the voice system. Well, that voice system can be “just” the cause of the enterprise’s demise. So, when it comes to PBX hacking, no victim is too small.


Publish Date: April 25, 2017 5:00 AM

2020 Buyers Guide Call Routing Optimization

Eastwind Communications

Eastwind sells Oracle, Ribbon, and Dialogic SBC and routing solutions for both premise-based and cloud-based deployments along with Microsoft Teams integration. Eastwind offers managed service offerings and complete 7x24 support.
PH: 508-862-8600

Lieber & Associates

Call Routing and Contact Center Optimization
L&A provides consulting services to optimize contact centers, including call routing, skills-based routing, and multi-location routing. The firm's senior consultants have several decades of experience each in this area and work with all vendors' systems. L&A's president pioneered skills-based routing.
PH: +1-773-325-0608

View more from Dialogic

Recent Blog Posts:
Scaling in the Cloud – Avoid Flying Too Close to the SunDecember 17, 2019 5:00 AM
SD-WAN’s Relationship with UCaaSDecember 12, 2019 5:00 AM
Hearing and Seeing the Difference in UC PlatformsNovember 7, 2019 5:00 AM
Microservices Architecture – What is it, and why should I care?October 31, 2019 5:00 AM
Panning for “Killer Apps” in the Gold Rush of 5GFebruary 14, 2019 5:00 AM
The Dialogic BUZZ UC Platform Swiss Army KnifeOctober 24, 2018 5:00 AM
DialogicONE - IoT SolutionsOctober 22, 2018 5:00 AM
Dialogic PowerMedia MRF – A Solution You Can Depend OnSeptember 25, 2018 5:00 AM
Enabling WebRTC with the Dialogic PowerVille Load BalancerJuly 16, 2018 5:00 AM
Telecom Meets Digital: The Importance of Establishing ControlsMay 24, 2018 5:00 AM
Submit Event

Upcoming Events

15th annual Best Practice Conference - this is the contact center world's most highly rated event - a whopping 100% of delegates say they would recommend it!

100's of best practice tips and ideas from contact center professionals Read More...

Survey - Online Event

Latest Americas Newsletter
both ids empty
session userid =
session UserTempID =
session adminlevel =
session blnTempHelpChatShow =
session cookie set = True
session page-view-total =
session page-view-total =
applicaiton blnAwardsClosed =
session blnCompletedAwardInterestPopup =
session blnCheckNewsletterInterestPopup =
session blnCompletedNewsletterInterestPopup =