Voice over IP, or VoIP, is an internet technology that relies on online infrastructure to make phone calls. Techniques developed during the frontier days of hacking, phone phreaking, are becoming relevant through VoIP networks. Mobile devices, smart homes, and voice-activated virtual assistants provide many new angles for hackers. This section explores the history of phone phreaking, its evolution into Voice over IP networks, and how organizations can protect themselves against these attacks.Phone phreaking
has always been a cornerstone of the hacking industry. Initially carried out by the original hacking enthusiasts, phone phreaking entails the exploitation of phone networks and automated menus through special number codes and connections. For example, a phreaking attack may involve getting free long-distance calls, gaining unauthorized access to phone networks, and creating hidden group calls on the network’s infrastructure. Phreaking is an old technique, but it is gaining a resurgence in popularity with the development of Voice over IP (VoIP) networks. This section will explore the history of phone phreaking, how it was adopted to the 21st century via VoIP, and how to protect against VoIP attacks.Phone phreaking can be traced all the way back to the 1950s. In the beginning, “phone phreaks” would spend their time dialing to understand how phone networks worked, build special devices for automatic dialing, and even impersonate operators and other phone company employees. As phone networks grew in size and complexity, phone phreaking eventually evolved into the exploitation of computer networks and what we know as “computer hacking” today. A lot of the early phreaking
activities parallel the techniques used by modern hackers including unauthorized collection of hidden data, concealed group communications through exploited networks, unauthorized access to information networks, and other core activities of computer hacking.Voice over IP, or VoIP
, was developed as a method of transmitting low-latency voice communications over the internet. Essentially, VoIP was developed to function as a standard phone network through internet communication protocols. This differs from standard phone networks that rely on PSTN, or Public Switched Telephone Networks. In order to understand VoIP phreaking, we can look at a recent attack. DolphinAttack
, developed by researchers at Zhejiang University, is used to exploit mobile virtual assistants that rely on speech recognition. Commands are transmitted above the range of human hearing (~20,000 kHz) and registered by mobile assistants. Combined with the prevalence, flexibility, and blind trust put into virtual assistants, the DolphinAttack grants unprecedented access to the target’s digital services. Smart homes and interconnected devices allow an attacker to access doors, control lights, order takeout, call an Uber, make calls, and carry out virtually any other function with complete discretion. However, this attack is limited by physical access to the device, interaction with the owner in the vicinity, audibility, and access to audio transmission devices. Other VoIPhreaking methods include DDoS attack calls, unauthorized phone service purchases, and Caller ID spoofs.Protecting against VoIP attacks involves standard procedures for network security, and these procedures are typically carried out by network administrators. This includes encryption of public communications, consistently strong passwords through good password creation policies, the use of Virtual Private Networks (VPNs) to protect communications, regular vulnerability assessments, and training for safe user practices. This training usually covers safe web-browsing practices, how to recognize and avoid phishing, and secure use of mobile devices within the organization.VoIP hacking has spurred the revival of phreaking and the development of unique, creative approaches towards hacking communication networks. Phreaking relies on creativity and the clever application of technology towards new uses. Mobile phones, AI assistants, and smart homes provide new avenues for voice-based attacks. Utilizing and exploiting these emerging technologies is a task left to hack enthusiasts and cybersecurity professionals. New generations of hackers are developing exploits for the networks and technologies they were born into while old methods gain new life in the context of modern networks.