hand dialing keypad on phone

Can your office phones be hacked?

by Teresa Meek


Overview of the dangers of using a VoIP system, and what you need to do to be prepared.

Read time: 4 minutes

Internet-connected work phones pose some of the same security risks as your computers — and a few more.

Your company likely invests in security systems for its PCs and laptops, and trains employees on BYOD safety.

But what about your office phones?

If you’re using a VoIP system, (and odds are you are), then it’s easy to forget that you’re not just dealing with regular phones, but a complex system full of security risks. Here’s an overview of the dangers and what you need to do to be prepared.

The threat landscape

If you’re happy with your internet-based phone system, you’re not the only one.

Hackers love VoIP. It was developed before broadband and modern cybersecurity threats. Though most providers now offer security, the service has traditionally lagged behind its computer-based peers in safety measures, and is scrambling to catch up.

Why would anyone want to hack into your phone system?

Perhaps you think your company is too small or low-profile to attract attention from hackers — but don't count on it. Hackers are like burglars: They aren’t necessarily looking for the richest house on the block, but the easiest to break into.

The internet makes it easy for them. Many hackers use Shodan, which has been described as “the world’s most dangerous search engine,” because it describes the IT characteristics and weaknesses of sites that can be hacked.

So what can you do to protect yourself?

Make sure your VoIP provider offers multiple layers of security. Here are some protocols your IT manager should ask about:

  • Antivirus Protection: You wouldn’t let your computers run without it, and you should apply the same thinking to your phones.

  • Password Authentication: The system uses passwords, and a user must input the correct one for the call to go through.

  • Three-Way Handshake: Adds a third layer to the password system for more security.

  • Secure Real-Time Transport Protocol (SRTP): Real time encryption of voice streams. This adds cost and can cause delays in transmission, but given the magnitude of the threat, it may be worth the tradeoffs.

  • Transport Layer Security (TLS): Encrypts the types of messages that can lead to DoS attacks.

  • Deep Packet Inspection (DPI): Blocks unauthorized incoming data packets.

  • Session Border Controller (SBC): Guards the protocols that control voice calls, keeping them safe and ensuring high quality.

Besides installing security measures, you should regularly audit your VoIP system for suspicious activity and disallow calls to countries you don’t do business with.

Keep your business and critical information secure...

Take measures to ensure your phone communication is as safe as...

Learn about Cloud VoIP Services

Recommended for you

Defining Hacking & 11 Essential Hacking Terms
Defining Hacking & 11 Essential Hacking TermsArticles

Defining Hacking & 11 Essential Hacking Terms

Get to know the basics of hacking with our guide to 11 key hacking terms. Uncover the vocabulary and concepts that make up the world of cybersecurity.

Data Risk Assessment Checklist
Data Risk Assessment ChecklistArticles

Data Risk Assessment Checklist

Learn how to conduct a content risk assessment, identify critical data that is exposed and put a plan in place to avoid security breaches.

Digital Forensics for Kramon & Graham
Digital Forensics for Kramon & GrahamCase Studies

Digital Forensics for Kramon & Graham

Learn how Ricoh's Digital Forensics Services helped Kramon & Graham recover $8.5 million through a default judgment, prove data wiping and spoliation of ESI.