On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers

Zhang, Ruishan; Wang, Xinyuan; Farley, Ryan; Yang, Xiaohui; Jiang, Xuxian

doi:10.1145/1533057.1533069

Cited by 45 publications

(26 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhang et al [74] show that, by exploiting DNS and VoIP implementation vulnerabilities, it is possible for attackers to perform man-in-the-middle attacks even when they are not on the direct communication path of the parties involved. They demonstrate their attack against Vonage, requiring that the attacker only knows the phone number and the IP address of the target phone.…”

Section: D) Captchas and Puzzles (4 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

Abstract-We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products.We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

show abstract

Section: D) Captchas and Puzzles (4 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

show abstract

“…Wang et al [24] investigated the trust of several leading VoIP services (e.g., Vonage, AT&T) and showed that their VoIP calls can be transparently diverted and redirected-leading to voice pharming attacks on the VoIP users. It has been further detailed [26] that these call diversion attacks can be launched by a remote attacker who is not initially in the path of VoIP traffic of the target.…”

Section: Related Workmentioning

confidence: 99%

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

Farley

Wang

2013

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats. We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone. To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.

show abstract

“…The authors argue for the need for TLS or IPsec protection of the signaling. Zhang et al [62] show that, by exploiting DNS and VoIP implementation vulnerabilities, it is possible for attackers to perform man-in-the-middle attacks even when they are not on the direct communication path of the parties involved. They demonstrate their attack against Vonage, requiring that the attacker only knows the phone number and the IP address of the target phone.…”

Section: Addressing Social Threats (49 Items)mentioning

confidence: 99%