DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Detecting spam in VoIP networks
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Billing attacks on SIP-based VoIP systems
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
IEEE Communications Magazine
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
A Survey of Voice over IP Security Research
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
On the billing vulnerabilities of SIP-based VoIP systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
A call conference room interception attack and its detection
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
SIPAD: SIP-VoIP Anomaly Detection using a Stateful Rule Tree
Computer Communications
| Hi-index | 0.00 |
The man-in-the-middle (MITM) attack has been shown to be one of the most serious threats to the security and trust of existing VoIP protocols and systems. For example, the MITM who is in the VoIP signaling and/or media path can easily wiretap, divert and even hijack selected VoIP calls by tempering with the VoIP signaling and/or media traffic. Since all previously identified MITM attacks on VoIP require the adversary initially in the VoIP signaling and/or media path, there is a common belief that it is infeasible for a remote attacker, who is not initially in the VoIP path, to launch any MITM attack on VoIP. This makes people think that securing all the nodes along the normal path of VoIP traffic is sufficient to prevent MITM attacks on VoIP. In this paper, we demonstrate that a remote attacker who is not initially in the path of VoIP traffic can indeed launch all kinds of MITM attacks on VoIP by exploiting DNS and VoIP implementation vulnerabilities. Our case study of Vonage VoIP, the No. 1 residential VoIP service in the U.S. market, shows that a remote attacker from anywhere on the Internet can stealthily become a remote MITM through DNS spoofing attack on a Vonage phone, as long as the remote attacker knows the phone number and the IP address of the Vonage phone. We further show that the remote attacker can effectively wiretap and hijack targeted Vonage VoIP calls after becoming the remote MITM. Our results demonstrate that (1) the MITM attack on VoIP is much more realistic than previously thought; (2) securing all nodes along the path of VoIP traffic is not adequate to prevent MITM attack on VoIP; (3) vulnerabilities of non-VoIP-specific protocols (e.g., DNS) can indeed lead to compromise of VoIP.