Fuzzing for vulnerabilities in the VoIP space

Voice over IP is emerging as the key technology in the current and future Internet. This paper shares some essential practical experience gathered over a two years period in searching for vulnerabilities in the VoIP space. We will show a terrifying landscape of the most dangerous vulnerabilities capable to lead to a complete compromise of an internal network. All of the described vulnerabilities have been disclosed responsibly by our group and were discovered using our in-house developed fuzzing software KIF. The paper provides also mitigation techniques for all described vulnerabilities.