Some VoIP apps are exploiting security flaws in the SS7 voice network resulting in risks to security, privacy, and revenue
WATERLOO, ON, March 16, 2017 /CNW/ - Sandvine, (TSX:SVC) a leading provider of intelligent broadband network solutions for fixed and mobile operators, today released a Global Internet Phenomena Report Spotlight focusing on OTT Voice Bypass fraud. The report is based on data collected from a fixed access network in a developing market and highlights how security flaws in the SS7 voice network have created security, privacy, and lost revenue risks that contribute to the growing phenomena of OTT Voice Bypass fraud.
According to a recent survey by the Communications Fraud Control Association, Interconnect Bypass fraud is one of the largest sources of lost revenue for CSPs and costs them across the globe an estimated $6 billion dollars (United States Dollars) annually.
In recent years, the explosion of mobile VoIP applications has helped to introduce a new type of Interconnect Bypass fraud, which is known as OTT Voice Bypass fraud. This type of fraud is on the rise thanks to the exploitation of an "In Calling" feature available on some VoIP apps. "In Calling" allows a subscriber to receive circuit switched calls, often unknowingly, as VoIP calls. The feature is increasingly being used to fraudulently intercept, terminate, and re-initiate calls in the SS7 interconnect and collect termination fees that would (and have) otherwise gone to CSPs running the circuit switched networks.
Sandvine's Global Internet Phenomena Spotlight: OTT Voice Bypass Fraud contains a number of revelatory facts, the highlights of which include:
- "In Calling" features are often turned on by default in smartphone VoIP apps, resulting in both the person making the call and the person receiving the call potentially not being aware that their call is being intercepted. This lack of transparency represents a significant security and privacy risk to subscribers.
- Over 60% of the traffic from the leading VoIP app on the network examined was from OTT Voice Bypass calls enabled by an "In Calling" feature
- Based on the bandwidth observed, in a typical month, Sandvine estimates there are over five million minutes of fraudulent OTT Voice Bypass calls terminated on the network
- Based on publicly available figures for international call termination, five million fraudulent "In Calling" minutes each month could result in millions of dollars in lost revenue for the operator examined each year
"Measuring the exploitation of security flaws in the voice network can help operators make data-driven decisions about how to better secure their network, minimize privacy risks to their subscribers, and build mitigation plans to reduce OTT voice bypass fraud and the accompanying lost revenue," said Don Bowman, CTO, Sandvine.
Sandvine's network policy control solutions add intelligence to fixed, mobile and converged communications service provider networks, to increase revenue, reduce network costs and improve subscriber quality of experience. Our networking solutions perform end-to-end policy control functions, including traffic classification, policy decision, and enforcement. Deployed as virtualized network functions or on Sandvine's purpose-built hardware, the products provide actionable business insight, and the ability to deploy new consumer and business subscriber services, optimize and secure network traffic, and engage with subscribers.
Sandvine's network policy control solutions are deployed in more than 300 networks in over 100 countries, serving hundreds of millions of data subscribers worldwide. www.sandvine.com.
Certain statements in this release which are not historical facts constitute forward-looking statements or forward-looking information within the meaning of applicable securities laws ("forward-looking statements") and are made pursuant to the "safe harbour" provisions of such laws. Statements related to the scope of deployment of Sandvine's products by a specific customer, the potential revenue opportunity with any particular customer or in any market segment, the benefits of Sandvine's products and services to be realized by customers, Sandvine's market position, future opportunities, product development plans and demand for Sandvine's products and services are forward looking statements, as are any statements relating to future events, conditions or circumstances. Readers are cautioned not to place undue reliance upon any such forward-looking statements. Such forward-looking statements involve both known and unknown risks and uncertainties that may cause the actual results, performance or achievements of Sandvine to differ materially from the results, performance, achievements or developments expressed or implied by such forward-looking statements. These risks and uncertainties include, without limitation, changes in internal deployment strategies or plans by specific customers; the growth of broadband internet usage and levels of capital spending on broadband network management systems; the timing of orders and manufacturing lead times; changes in customer order patterns or customer mix; insufficient, excess or obsolete inventory; increased competition in the broadband network equipment industry; dependence on the timely development and market acceptance of new product offerings and standards; rapid technological and market change; manufacturing and sourcing risks including dependence on key suppliers and key technologies; dependence upon indirect channel sales and resellers; factors such as business and economic conditions and growth trends in the broadband network equipment industry and in various geographic regions; dependence upon key intellectual property and the potential for infringement of the intellectual property rights of others; global economic conditions and uncertainties in the geopolitical environment including the impact of regulation related to the internet and the delivery of internet services and export control regulations. Forward-looking statements are based on management's current plans, estimates, projections, beliefs and opinions, and Sandvine does not undertake any obligation to update forward-looking statements should assumptions related to these plans, estimates, projections, beliefs and opinions change, except to the extent required by applicable law.