An overview of some techniques to exploit VoIP over WLAN

Voice over IP (VoIP) is one of the most emerging technologies, with a very relevant market penetration trend. This technology represents a cost advantage for the business and private networks with greater flexibility, if no new related vulnerabilities are introduced. The problems of security of the VoIP are mainly related to the weaknesses of the combination of the SIP and RTP protocols. In the VoWiFi case, these weaknesses are enhanced by the intrinsic vulnerabilities of the first generation wireless networks (802.11b), or by a bad administration of wireless security systems. After building a VoIP network over Wi-Fi without enforcing security measures for the authentication and the privacy of the data, we show in this paper several typologies of attack: eavesdropping and sniffing of the VoIP calls, man in the middle, denial of service, call interruption and build false calls. All these threats can represent part of a check list for a plug-and-play penetration test schedule, whenever a company deploys a VoIP network infrastructure based on some untested VoIP softphone and wireless LAN (as an internal hotspot)