In a recent blog post OnSIP noted that some hosted PBX customers using Polycom SIP phones were receiving phantom calls from an internet source. Such calls are known as Spam-over-Internet-Telephony, aka “SPIT.” They have been a topic of discussion in VoIP security circles for years.
As has been mentioned many times, we have a number of Polycom VVX Series phones hereabouts. Our phones are registered with OnSIP and ZipDX. Fortunately, we have not experienced such phantom calls ourselves.
I had not even noted the first OnSIP blog post until a former colleague reached out to tell me that his VVX-500 had received over 700 such calls in the past few days. He noted that the calls were an annoyance. If answered, there was no connection. He could tell that the calls were coming to the phone directly, since they were not rolling over to his cell phone in left unanswered. That implied that the logic of the hosted PBX was not in play.
The very next day OnSIP posted an update to this issue. They had implemented a solution that would cause Polycom phones to reject calls that were coming from a source other than their SIP proxy. This is based upon something that Polycom calls Incoming Signal Validation. Customers who have phones that use the OnSIP provisioning server need only reboot their phones to uptake this new setting.
Disclosure: OnSIP is a sponsor of the VoIP Users Conference.