Call Center

Ask A Pen Tester (Gross Acronym Edition): What Are VOMIT & SPIT?


VOMIT (Voice over Misconfigured Internet Telephones) as it’s so colorfully referred to, presents a serious security threat for VoIP phone systems. Hackers use this method to eavesdrop and extract voice packets directly from ongoing calls, thus gaining access to sensitive information such as call origin, usernames and passwords, and financial data.

To address this issue, you should strongly consider using a service that automatically encrypts incoming and outgoing calls.


Another colorfully-named-yet-in-fact-serious security threat is SPIT, which stands for Spam over IP Telephony. Put simply, SPIT is the VoIP equivalent of email spam. SPIT schemes send out pre-recorded voicemail messages and/or robocalls en masse in hopes of tricking unsuspecting marks into picking up the phone and listening to the voicemail messages. If you’re unlucky enough to be the victim of one of these schemes, you can be on the hook for high international calling fees, which are siphoned off by the perpetrators for profit.  

While there’s no way to totally prevent SPIT attacks, setting yourself up with a quality modern firewall that helps identify spam on arrival so it can’t inflict damage on your company and its clients.

More from Our Cybersecurity Experts