
SIP Security: Whitelists to the Rescue

For those considering secure calling options for their businesses, this post may give you some ideas for your next intelligent business decision.

Hoiio SIP provides low cost, high quality SIP trunking solutions for IP private branch exchange (PBX) phone systems. Our affordability does not mean we compromise on security and leave our subscribers with non-secure SIP lines. After all, we call them solutions.

Here’s what it means to use a SIP line. A SIP line carries its phone calls over the Internet instead of over traditional underground phone lines. The very nature of the Internet makes SIP calls vulnerable to hackers.

Case Study

On November 24, 2011, a syndicate of experienced hackers was arrested by the Philippine National Police’s Criminal Investigation and Detection Group. They targeted PBX systems that were vulnerable or that had default passwords in order to gain a list of usable numbers to turn a profit.

Companies would provide SIP numbers and a security code to their employees to allow them to make calls via the company’s PBX. The security code may be as few as four digits long and thus easily hacked. The hackers used automatic dialing software to locate usable numbers with a dial tone, and then sold these numbers with the hacked security codes to resellers operating cheap overseas call services. Companies whose PBX systems were hacked ended up with massive phone bills which telecommunication companies seldom waive, the argument being that the PBX is not equipment provided by the telecom.

Better Safe Than Sorry

Prevention is better than cure. The Hoiio team has worked hard to implement anti-fraud measures in order to safeguard its SIP Trunk subscribers. We have two gateway security measures in place:


1. IP Whitelist

The IP whitelist defines the IP addresses which can make calls via Hoiio. When a SIP call is made, the IP whitelist identifies the IP address of the person making the SIP call. If the IP address is recognised as belonging to the company the IP-PBX is registered to, the call gets through. A hacker would be unable to successfully make his call because his IP address would be recognised as unauthorised, and thus the call gets rejected.

2. Country Whitelist

Every company can select the countries it intends to make calls to, and specify these in their account settings. This list of countries is therefore the country whitelist. Hackers beware, because any attempts to make overseas calls to countries outside the country whitelist will be blocked.
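The two checks described above, combined into one default-deny call admission decision. This is an added example, not Hoiio's code: the account settings, the calling-code table and all function names are constructed for illustration, and it assumes the source address is the one the gateway sees on the network connection.

```python
import ipaddress

# Constructed account settings (documentation IP ranges, not real data).
ACCOUNT = {
    "ip_whitelist": ["203.0.113.0/28", "198.51.100.7/32"],
    "country_whitelist": {"SG", "MY"},
}

# Constructed subset of E.164 country calling codes, enough for the example.
CALLING_CODES = {"65": "SG", "60": "MY", "63": "PH", "44": "GB", "252": "SO"}


def destination_country(number):
    """Map a dialed E.164 number to a country; None if it cannot be classified."""
    digits = number.lstrip("+")
    if not (digits.isascii() and digits.isdigit()):
        return None
    for length in (3, 2, 1):  # calling codes are one to three digits long
        country = CALLING_CODES.get(digits[:length])
        if country:
            return country
    return None


def source_allowed(src_ip, account):
    """True only if src_ip parses and falls inside a whitelisted network."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in account["ip_whitelist"])


def admit_call(src_ip, dialed, account=ACCOUNT):
    """Return (allowed, reason). Both whitelists must pass; anything else is rejected."""
    # Assumption: src_ip is the network-level source address, not a SIP header value.
    if not source_allowed(src_ip, account):
        return (False, "source IP not in IP whitelist")
    country = destination_country(dialed)
    if country is None:
        return (False, "destination country unknown")
    if country not in account["country_whitelist"]:
        return (False, f"destination {country} not in country whitelist")
    return (True, "ok")
```

An unclassifiable destination is rejected rather than allowed, so a gap in the calling-code table cannot become a way around the country whitelist.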

 


 


Hoiio
