We use cookies from Google so we can see how people come to our site and what pages are visited, Facebook and Twitter so that we can give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the CTi website. However, if you would like to, you can change your cookie settings can at any time.

Sales and Advice
01242 621641

01242 621644

Home | FAQs | How can I stop my Phone System from getting hacked?

How can I stop my Phone System from getting hacked?

In the past most telephone hackers have been based abroad, registered a device on your phone system and overnight / over the weekend made thousands of calls, many simultaneously to premium rate international numbers. Come Monday morning your call provider alerts you to this and then presents you with a bill for thousands of pounds.

Recently we have found that hackers are now exploiting premium UK numbers as well.

What can your Call Provider do?

Our providers use a few tricks to help keep you safe, one puts a cap on your bill and warns you / blocks any more calls when that amount is reached. They also let you set a maximum cost for the first minute of the call, as this protects you from high connection as well as per second charges. The other looks for repetitive International calls, and then blocks the line for a given time.

What can be done to secure my phone system?

Get us to Call Bar International numbers starting 00 – we can then allow specific countries / numbers that you need to call

Get us to Call Bar expensive UK numbers i.e. 070, 087, 09

If your system supports dial 9 for an outside line, then Call Bar 9070, 9087, 909

Hacks predominantly happen out of hours, so we can load some call cost data and put a limit of say £10 worth of calls then the SpliceCom SV1000 will Call Bar the lines when that amount is exceeded out of hours say between 7pm and 7 am

Sometimes they just make long expensive calls, with the cost not being calculated until the end of the call, when the damage has been done. Another feature of Vision is that if a call is more than say 2 hours it can drop the call, if it was an expensive one at this point the £10 block will stop it being dialled again.

Securing the Splicecom SV1000

Splicecom have designed in some security features:

  • When Yealink phones are auto-provisioned by your SpliceCom SV1000 it issues them with a certificate that is unique to that system, then the phone can register using secure SIP on port 5061 and the system knows it's a trusted device. Without the certificate SIP phones can't register

  • If you have a fixed IP address then the SpliceCom SV1000 will only let the phone connect and as well as the user name and password

  • The SpliceCom Navigate Pro or PCS60 softphone on your PC or MAC uses the non-standard port 5000 as well as being SpliceCom proprietary software so only SpliceCom devices will work
    Being a non-standard port, phone system hackers aren't looking for port 5000 and SIP hacking tools can't connect to the system via this port either

  • Each computer that wants to connect as a softphone has to have its MAC address accepted by the system before it can make calls, again stopping a computer from forcing its way in using the SpliceCom specific port

  • The iPCS app on your smartphone also uses the non-standard port 5000, limiting your remote staff to just Navigate Pro softphone, PCS 60 softphone or iPCS means only one port is open to remote attacks

Block more with your firewall

Normally the phone system ports are locked to just the exchange and support team, once you have people working remotely they need access. If they don’t have a fixed public IP address then those ports should be restricted to just UK IP addresses and the countries needed for those working away while on holiday / International staff. There is however a catch, some ISPs are running out of IP addresses so they have bought in blocks of IP address from other countries, so your staff could be blocked - be careful.

In a Draytek, set the following up as individual Object Settings 🡺 Service Type Objects:

Config Upload80TCP
Secure LDAP4100TCP/UDP
Secure Centralised Partner4018TCP/UDP
Secure SSL / TLS Gateway5000TCP/UDP
SIP & Secure SIP5060 - 5061TCP/UDP
Secure RTP6900 to 10899TCP/UDP - these ports should now be removed from the Splice Exchanges list, see SIP / RTP tab

Add all the individual Service Type Objects into a single "SpliceCom Ports" Service Type Group, then set the following Firewall filters:

Block SpliceCom ports

Then create the next rule as:

Allow from UK and other allowed countries


All prices exclude VAT and should only be used as a guide.
Website ©CTi Communications 2024