VoIP Penetration Test

VoIP Penetration Test

A VoIP penetration test (VoIP) tests telephone and conferencing systems that bring flexibility for agile businesses and remote workers – and new security and financial risks.

VoIP, Voice over IP, is the standard for phone systems in organisations. A correctly configured VoIP phone system and supporting network significantly increase the security of your voice calls. However, there are many security weaknesses affecting VoIP solutions that allow a malicious insider or an Internet-based attacker to compromise your VoIP infrastructure remotely. Many will consider the greatest risk to be their running up enormous phone bills or eavesdropping on telephone calls made both within your organisation and to your suppliers and customers. But what if an attacker is able to use your VoIP phones as a jumping-off point to get access to your network?

We have extensive experience in both securing and reconfiguring corporate and small business VoIP environments and have worked with industry-standard VoIP technologies and the majority of the manufacturers, including Asterisk, Avaya, Cisco, & others.

We offer a review of your VoIP phones and networks that will give you peace of mind that calls within your organisation are being securely managed. That only authorised people and handsets are able to place calls and that your user’s voicemail cannot be accessed maliciously. And that your VoIP systems can not be used to provide malicious network access.

How a test works

A targeted penetration test will be conducted on the VoIP (Voice over IP) network that is currently in use within the organisation. Our VoIP Penetration Test service will identify vulnerabilities that could allow a malicious user to compromise or abuse the VoIP environment to make unauthorised calls, intercept conversations or pivot attacks into the corporate network.

As part of the VoIP penetration test, the network traffic that is sent between the handsets and the VoIP controller during phone calls will be analysed to identify vulnerabilities that may allow a malicious user to eavesdrop on the calls that are being made or inject malicious network traffic into handsets or the call manager. This provides you with visibility of the level of access that a malicious insider may be able to achieve if they have been able to obtain access to a registered handset.

Using a combination of automated and manual testing, our consultants will perform the following assessments on your VoIP infrastructure to ensure it has been deployed and configured securely:

  • Inspection of the SIP network traffic to ensure that the information sent during the initiation and ‘teardown’ of VoIP calls is secure.
  • Analysis of voice network traffic sent during calls to ensure it is encrypted.
  • Review of handset provisioning process to ensure the handset configuration cannot be modified.
  • Check if unauthorised handsets or ‘softphones’ can be connected to the VoIP network.
  • Network Segregation Test to ensure VoIP network is adequately segregated from the corporate LAN (including any links to managed service providers).
  • Vulnerability Assessment of VoIP infrastructure components.

Our penetration testers will manually inspect the network traffic that is sent during your VoIP calls to ensure it is encrypted and therefore not liable to interception or eavesdropping. A supplementary configuration review of your Call Manager, Session Border Controller (SBC) and handsets ensures you’ve taken every step possible in securing your voice communications.

Engagement prerequisites

  • A signed & completed Testing Consent Form
  • List of networks and devices to be tested.
  • Ability to connect the Hedgehog testing appliance into a connected network
  • Ensure that any Intrusion Prevention Systems have been disabled or Hedgehog’s IP range ( to is white-listed for the duration of the test

Engagement deliverables

Engaging with Hedgehog Security for your External Infrastructure Penetration Test will provide you with the following:

Pre-engagement support

Prior to your test commencing, our penetration tester(s) will discuss the scope of work with you, so that a full understanding is obtained of what your Internet-facing network services are used for. This not only allows the test to run more efficiently but also allows the discovered vulnerabilities to be rated more accurately in terms of risk.

During the testing phase, our consultant(s) will engage directly with you – notifying you of any critical vulnerabilities that may be present within your infrastructure or any evidence in our results that may indicate a security breach may have already taken place.


Once the penetration test has been completed, you will be provided with the following:

Comprehensive Technical Report

Our clear & concise reporting format contains an Executive Summary that can be understood by all members of your organisation – including individuals who may be in management or non-technical roles. All vulnerabilities contain a sufficient level of technical detail, so that your development team and systems administrators can quickly pinpoint the root cause of the vulnerability and apply the recommended course of action.

Technical References

Where applicable, we provide additional reference URLs for each vulnerability, so that further information on the vulnerabilities can be obtained from reputable sources of technical information.

Risk-Based Approach with CVSS Scoring

A risk-based approach is used throughout the report and all vulnerabilities are scored in line with CVSS (Common Vulnerability Scoring System). This allows the contents of the report to be fed into your own internal risk assessments and allows a plan to be developed to address the vulnerabilities which present the highest risk to your organisation.

Secure & Encrypted Test Portal

Due to the sensitive content which may be contained in our test reports, all test reports are delivered to our customers through a secure test portal. Our portal is highly encrypted and is tested on a regular basis.

After Care

Once our engagement is complete and our final report has been delivered to you, our penetration testing team will remain available to you indefinitely for any questions you may have surrounding the report’s findings or our consultancy engagement with you.

We pride ourselves in partnering with our customers to provide ad-hoc security advice and to ensure that our engagement with you doesn’t simply end once the final report has been delivered.

We are committed to ensuring, that as our customer, you receive the utmost value out of our consultancy services and look forward to developing a long-lasting business relationship with you.

Conference Call

Once you have received our final report, you have the option of attending a conference call between the consultant(s) involved in delivering your project and individuals within your organisation who you feel would benefit from a more in-depth discussion of the report’s findings.

A conference call is suitable for both management and technical staff and provides you with the perfect opportunity to ensure that all vulnerabilities and their recommended course of action are fully understood by stakeholders and technical staff who may be tasked with applying the recommended course of action.

Free 14-Day Retest

With the testing being conducted remotely, we include a free retest of all issues identified in the report, providing they are mitigated within 14 days of the reporting being issued. This allows you time to take corrective action and ensures that your efforts have been successful in mitigating the vulnerabilities.

Talk To A Security Specialist

Book a free consultation with a security specialist to discuss your current concerns or security requirements.

Hedgehog Security needs the contact information you provide to us to contact you. You may unsubscribe from these communications at any time.  By clicking "Request Callback" below you agree for us to store and process your data.  For information on how to unsubscribe please review our Privacy Policy.

Cyber Security Consulting

Penetration Testing

SOC as a Service

Cyber Essentials

Vulnerability Scanning