A Look at VoIP Vulnerabilities

Voice over IP (VOIP) and Internet Multimedia Subsystem (IMS) technologies offer higher flexibility than traditional telephony infrastructures and the potential for lower cost through equipment consolidation and new business models. In this article, I examined the current state of affairs on VOIP/IMS security through a survey of all the 221 kown/disclosed security vulnerabilities in the Common vulnerabilities and Exposure (CVE) database and in IETF RFCs/drafts. My key finding is than the higher complexity of VOIP/IMSsystems leads to a variety of attcks vectors, many of them caused by unforeseen and unexpected components interactions. A second finding is that what people seem to worry about in VOIP (traffic interception and impresionation) bears no resemblance to the distribution of vulnerabilities actually disclosed. The article concludes with some practical suggestions for securing VOIP systems.