Some VoIP apps are exploiting security flaws in the SS7 voice network resulting in risks to security, privacy, and revenue
Waterloo, ON; March 16, 2017 – Sandvine, (TSX:SVC) a leading provider of intelligent broadband network solutions for fixed and mobile operators, today released a Global Internet Phenomena Report Spotlight focusing on OTT Voice Bypass fraud. The report is based on data collected from a fixed access network in a developing market and highlights how security flaws in the SS7 voice network have created security, privacy, and lost revenue risks that contribute to the growing phenomena of OTT Voice Bypass fraud.
According to a recent survey by the Communications Fraud Control Association, Interconnect Bypass fraud is one of the largest sources of lost revenue for CSPs and costs them across the globe an estimated $6 billion dollars (United States Dollars) annually.
In recent years, the explosion of mobile VoIP applications has helped to introduce a new type of Interconnect Bypass fraud, which is known as OTT Voice Bypass fraud. This type of fraud is on the rise thanks to the exploitation of an “In Calling” feature available on some VoIP apps. “In Calling” allows a subscriber to receive circuit switched calls, often unknowingly, as VoIP calls. The feature is increasingly being used to fraudulently intercept, terminate, and re-initiate calls in the SS7 interconnect and collect termination fees that would (and have) otherwise gone to CSPs running the circuit switched networks.
Sandvine’s Global Internet Phenomena Spotlight: OTT Voice Bypass Fraud contains a number of revelatory facts, the highlights of which include:
- “In Calling” features are often turned on by default in smartphone VoIP apps, resulting in both the person making the call and the person receiving the call potentially not being aware that their call is being intercepted. This lack of transparency represents a significant security and privacy risk to subscribers.
- Over 60% of the traffic from the leading VoIP app on the network examined was from OTT Voice Bypass calls enabled by an “In Calling” feature
- Based on the bandwidth observed, in a typical month, Sandvine estimates there are over five million minutes of fraudulent OTT Voice Bypass calls terminated on the network
- Based on publicly available figures for international call termination, five million fraudulent “In Calling” minutes each month could result in millions of dollars in lost revenue for the operator examined each year
"Measuring the exploitation of security flaws in the voice network can help operators make data-driven decisions about how to better secure their network, minimize privacy risks to their subscribers, and build mitigation plans to reduce OTT voice bypass fraud and the accompanying lost revenue," said Don Bowman, CTO, Sandvine.
Sandvine’s network policy control solutions add intelligence to fixed, mobile and converged communications service provider networks, to increase revenue, reduce network costs and improve subscriber quality of experience. Our networking solutions perform end-to-end policy control functions, including traffic classification, policy decision, and enforcement. Deployed as virtualized network functions or on Sandvine’s purpose-built hardware, the products provide actionable business insight, and the ability to deploy new consumer and business subscriber services, optimize and secure network traffic, and engage with subscribers.
Sandvine’s network policy control solutions are deployed in more than 300 networks in over 100 countries, serving hundreds of millions of data subscribers worldwide. www.sandvine.com.
+1 519 880 2232