How Vulnerable are SBCs to Service Theft - The Reality Check

24 Jan

In a rapidly advancing world, organizations no longer rely on voice calls alone; they also use other modes of communication, including video conferencing, desktop sharing, and messaging. All of these were used intensively during the Corona pandemic. They require a protocol called the Session Initiation Protocol (SIP) to work flawlessly. Although SIP is a powerful and integral part of real-time communications, it comes with a lot of challenges, which increased during the Corona pandemic. To overcome those challenges, a Session Border Controller (SBC) is used.

1. What is SBC?

A Session Border Controller is a device used to regulate IP communication flows. You deploy it at the network border to regulate all forms of communication.

For the sake of simplicity, we can say an SBC is like a firewall that controls the flow of information between call endpoints, restricting end-to-end transparency. The term Session Border Controller consists of three words:

SESSION + BORDER + CONTROLLER

Session: In networking, it refers to a call between two parties. The call can consist of one or more media streams, such as audio, video, or other data, along with information on call statistics and quality. Together these streams make up a session, and the SBC controls the data flows of sessions.

Border: It is the line that separates one part of the network from another. For example, in an organization's network, a firewall demarcates the local network (inside the corporation) from the rest of the internet (outside the corporation).

Controller: It refers to the influence that the SBC has on the data streams that make up sessions. It provides measurement, access control, and data conversion facilities for the calls it controls.

Nowadays SBCs are widely used by various firms to secure their networks, because they serve several roles.

1. Security: It protects the network and other devices from:

I. Malicious attacks like DoS and DDoS

II. Toll fraud

III. Encryption of signaling

2. Connectivity: It allows different parts of the network to communicate through the use of a variety of techniques:

I. SIP normalization

II. IPv4 and IPv6 interworking

III. VPN connection

IV. Protocol translation

3. Regulation: It provides support for regulatory requirements such as:

I. Emergency call prioritization

II. Lawful interception

4. Media service: New-generation SBCs provide border-based media control and services such as:

I. Data and fax interworking

II. Support for voice and video calls

Despite its diverse applications, an SBC has some limitations.

1. Break end-to-end security:

It breaks the end-to-end security relationship between the caller and the callee. The callee is expected to trust the SBC.

2. Change the SDP body:

It changes the SDP body and contact information, which also breaks the signature in the Identity header.

3. The vulnerability of SBC to service theft:

You will be surprised to know that last year a business in California, USA, was hit by a bill of $120,000 after attackers hacked its network and made 11,000 calls through its system in a 46-hour period. Similarly, in India, a business received a bill of Rs 600,000 for calls in just a single week. From these examples you can imagine how service theft can impact a business in a short time.

During the coronavirus pandemic, it was found that this kind of fraud has increased to a new level.

Enterprise communication networks generally use SIP, which is vulnerable to service theft. Big enterprises have a complete ecosystem to protect against service theft, but small and medium organizations are generally the victims of such attacks. They leave ports open to the internet, which welcomes the attacker into their system. Even after an SBC is installed, attackers breach the security and misuse the network, as attackers are smarter and their attacks are more sophisticated.

An attacker breaching security even after an SBC is installed is like having a sword but not knowing how to use it. The standard SBC configuration is not enough to defend the network from attackers. You need to harden your SBC to protect your network from an attacker who is trying to hack your communication system.

So merely deploying an SBC is not enough to ensure network security. You have to configure SBCs properly (to update them) and audit the configuration regularly (to govern them). Real-time monitoring by an updated SBC alerts you when an attack happens and defends your network. SBCs monitor specific network failures, WebRTC binding failures, media relay failures, STUN server errors, etc. These are simple failures and can be resolved easily, but proper awareness can help you choose the right course of action.

This is definitely a very challenging task, because a company has to look at a lot of parameters, but automation in SBC (Assertion SBC Hardening) simplifies the work. A variety of industries are now using different types of SBC depending on their use.
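The kind of alerting described above can be illustrated with a burst check over call detail records (CDRs), since service theft typically shows up as a sudden run of calls from one account. This is an added example, not code from the original article or from any SBC product; the CSV record layout, the account names, the international prefixes, the window and the threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_CALLS = 5                    # assumed per-account ceiling inside one window
INTL_PREFIXES = ("00", "+")      # assumed dial-plan markers for international calls


def parse_cdr(line):
    """Parse one constructed CDR line: ISO time, account, dialed number, seconds."""
    ts, account, dialed, seconds = line.strip().split(",")
    return datetime.fromisoformat(ts), account, dialed, int(seconds)


def detect_bursts(lines, window=WINDOW, max_calls=MAX_CALLS):
    """Return {account: first alert time} for accounts whose international
    call count inside any sliding window exceeds max_calls."""
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    alerts = {}
    for ts, account, dialed, _ in sorted(map(parse_cdr, lines)):
        if not dialed.startswith(INTL_PREFIXES):
            continue              # local traffic is not counted here
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop calls that aged out of the window
        if len(q) > max_calls and account not in alerts:
            alerts[account] = ts
    return alerts


def build_sample():
    """Constructed sample: ext-204 dials abroad every 15 s; ext-101 is normal."""
    start = datetime(2021, 1, 24, 2, 0, 0)
    lines = [f"{(start + timedelta(seconds=15 * i)).isoformat()},ext-204,"
             f"00999555{i:04d},40" for i in range(20)]
    lines += [f"{(start + timedelta(minutes=3 * i)).isoformat()},ext-101,"
              f"00999556{i:04d},120" for i in range(4)]
    lines.append(f"{start.isoformat()},ext-101,5550100,60")
    return lines


if __name__ == "__main__":
    for account, when in detect_bursts(build_sample()).items():
        print(f"ALERT {account}: more than {MAX_CALLS} international calls "
              f"within {WINDOW} at {when}")
```

In practice the threshold would be set per account from its normal calling pattern, and an alert would feed a block or rate-limit action on the SBC rather than only a log line.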

2. Which organization is ideal for installing SBC?

According to the 2018-2024 SIP Global market 7-year forecast and analysis, a variety of enterprises use SBCs. In the USA, 18% of enterprises use them; the percentages of Canadian and Western European firms using SBCs are 19% and 20% respectively. Worldwide demand for SBCs grew by 7.6% year over year in 2019, and growth may reach 8% in 2024. SBCs are suitable for communication technology firms, IT firms, any firm using communication networks, and vendor companies providing communication technology security solutions to firms.

3. Conclusion

Installing an SBC is one of the best ways to secure a network, but it is still vulnerable to service theft if you don't configure the SBC properly and audit it regularly.
