Consumers and enterprises alike are rapidly adopting voice-over-IP (VoIP) technologies, which offer higher flexibility and more features than traditional telephony infrastructures. They can also potentially lower costs through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent high complexity in terms of architecture, protocols, and implementation, with a corresponding increase in the potential for misuse. The author conducted survey of published vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database and in two IETF RFC Internet drafts. These issues ranged from relatively straightforward problems that can lead to server or equipment crashes (denial of service [DoS]) to more serious problems that let adversaries eavesdrop on communications, remotely take over servers or handsets, impersonate users, avoid billing or charge another user (toll fraud), and so on.
[1]
D Keromytis Angelos,et al.
VOICE OVER IP: RISKS, THREATS AND VULNERABILITIES
,
2009
.
[2]
Robert Sparks,et al.
Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
,
2008,
RFC.
[3]
Angelos D. Keromytis.
A Look at VoIP Vulnerabilities
,
2010,
login Usenix Mag..
[4]
Roger M. Needham,et al.
Denial of service
,
1993,
CCS '93.
[5]
Angelos D. Keromytis,et al.
A Comprehensive Survey of Voice over IP Security Research
,
2012,
IEEE Communications Surveys & Tutorials.
[6]
Humberto Abdelnur,et al.
SIP digest authentication relay attack
,
2009
.