An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
نویسندگان
چکیده
Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle or remote attacker could transparently 1) hijack selected E911 calls and impersonate the Public Safety Answering Point (PSAP); and 2) spoof the voicemail servers of both the caller and the callee of selected VoIP calls; and 3) make spam calls to VoIP subscribers even if Do Not Disturb is enabled. These empirical results confirm that leading deployed SIP-based VoIP systems have serious security vulnerabilities.
منابع مشابه
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملAn Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems.dvi
Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle ...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملAnalysis and Protection of SIP based Services
Multimedia communications over IP are booming as they offer higher flexibility and more features than traditional voice and video services. IP telephony known as Voice over IP (VoIP) is one of the commercially most important emerging trends in multimedia communications over IP. Due to the flexibility and descriptive power, the Session Initiation Protocol (SIP) is becoming the root of many sessi...
متن کامل