You are at risk if you have any H.323 standards-based video conferencing endpoints on the open Internet and outside of a firewall.


Right now, the total cost of global telecommunications fraud is a whopping $46.3 billion per annum, and $4.7 billion of this is due to PBX and infrastructure hacking. It's on the increase, and these same criminals are now stalking your H.323 video endpoints. This is a new nuisance threat that has been brought to our urgent attention by a number of spammed businesses in different countries. One victim reported having a board meeting disrupted by a continual stream of nuisance calls!

These criminal spammers are relentless; they want 'dial-tone' and, once they've got it, they're in a position to commit a number of financially-damaging toll frauds.

Most common is the use of a hijacked dial-tone to make calls to bogus premium rate numbers. Common too is the commandeering of a service for use by a dubious call center, where over a short time, i.e. a weekend, they can rack up a bill of hundreds of thousands of dollars. It's the potential for toll fraud that has these same spammers dialing in to vulnerable H.323 systems: those that sit on the Internet and outside of firewalls. While toll fraud involving an H.323 endpoint is unlikely, the inconvenience caused and the need to decommission equipment will definitely result in financial loss.

Particularly as these spammers can, and do, have the power to make a mass of continuous nuisance calls, which may occur during one of your meetings, or at any time, day or night. It can be compared to those calls you receive at home, constant ringing but no one's on the other end. What's more damning is that the tools used to identify vulnerable systems are readily available. Using the same tools, and in seconds, StarLeaf's security expert was able to identify 150,000 exposed and vulnerable H.323 Cisco/Tandberg, Lifesize and Polycom endpoints.

The problem is that these endpoints are out on the Internet, primarily because H.323 endpoints cannot easily provide anyone to anyone connectivity if they're behind a firewall and surrounded by complex and costly infrastructure. And so they are completely exposed to these wannabe toll fraud spammers. However, take comfort in the fact that toll fraud is generally an issue for infrastructure and not the endpoint itself, although it is entirely possible for an ISDN connected endpoint to be hacked for financial gain. StarLeaf users are not subject to these attacks and any conference or meeting on our system will never be interrupted by a nuisance call.

StarLeaf endpoints are fully protected and installed inside of a firewall - which is possible as the StarLeaf Cloud uses an exclusive firewall traversal system, rather than operating outside of your firewall. Also, H.323 (and SIP calls) are directed through the StarLeaf Cloud and all the StarLeaf nodes have security measures in place that automatically blacklist calls from nuisance IPs. All StarLeaf customers are secure and safe from this new threat. However, this cannot be said for users of other systems, which are now completely vulnerable.

There is not yet a solution for H.323 systems other than being vigilant and manually blocking individual IP addresses or unplugging the system.

If you need advice and want to assess your risk of exposure or want more information on how we can help please contact us today.