As the use of Voice over IP (VoIP) grows due to its wide adoption as part of Over-the-Top (OTT) applications, its integration with the many decades old SS7 interconnect agreements are a growing cause of concern for end subscribers, regulators and obviously communication service providers.
Late last year, Sandvine was asked by several of our customers to investigate this OTT VoIP app integration, and today we are happy to issue our findings as a Global Internet Phenomena Spotlight.
The report is based on data collected from a fixed access network in a developing market and highlights how security flaws in the SS7 voice network have created security, privacy, and lost revenue risks that impact both subscribers and operators.
According to a recent survey by the Communications Fraud Control Association, Interconnect Bypass fraud is one of the largest sources of lost revenue for CSPs and costs them across the globe an estimated $6 billion dollars (United States Dollars) annually.
The explosion of mobile VoIP applications has helped to introduce a new type of Interconnect Bypass fraud, which exploits SS7 interconnect agreements and is often referred to as OTT Voice Bypass fraud. OTT Voice Bypass fraud is on the rise thanks to the exploitation of an “In Calling” feature available on some VoIP apps. “In Calling” allows a subscriber to receive circuit switched calls, often unknowingly, as VoIP calls. The feature is increasingly being used to fraudulently intercept, terminate, and re-initiate calls in the SS7 interconnect and collect termination fees that would (and have) otherwise gone to CSPs running the circuit switched networks.
Sandvine’s Global Internet Phenomena Spotlight: OTT Voice Bypass Fraud contains a number of revelatory facts about this emerging type of fraud, the highlights of which include:
- “In Calling” features are often turned on by default in smartphone VoIP apps, resulting in both the person making the call and the person receiving the call potentially not being aware that their call is being intercepted. This lack of transparency represents a significant security and privacy risk to subscribers.
- Over 60% of the traffic from the leading VoIP app on the network examined was from OTT Voice Bypass calls enabled by an “In Calling” feature
- Based on the bandwidth observed, in a typical month, Sandvine estimates there are over five million minutes of fraudulent OTT Voice Bypass calls terminated on the network
- Based on publicly available figures for international call termination, five million fraudulent “In Calling” minutes each month could result in millions of dollars in lost revenue for the operator examined each year
If you are an operator, a regulator, or even a subscriber who is interested in learning more about how VoIP apps work and how old SS7 interconnect agreements may be being exploited to be both a source of revenue leakage for operators and a security/privacy risk for their subscribers, I strongly encourage you to check out this report.