Posts tagged ‘Man-in-the-middle attacks’

March 3, 2011

Security Threats In VoIP

Users have been exposed to the risks of sending data over the Internet while at the same time having the expectation that telephone conversations are strictly confidential. Security issues in the data and voice networks are in fact very similar, but completely separate in the minds of most users. Major security concerns of VOIP networks.

• Phreaking
Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems. This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking). Through this making calls through another user network, putting cost to that person.
• Eavesdropping
Eavesdropping is how most hackers steal credentials and get important information like business data. Through eavesdropping, a third party can obtain names, password and phone numbers, allowing them to gain control over voicemail, calling plan, call forwarding and billing information.
• Vishing
Vishing is a party calling you faking a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
• DoS (Denial of Service)
DoS attacks can be carried out by flooding a target with unnecessary SIP call-signaling messages, thereby degrading the service.
• SPIT (Spamming over Internet Telephony)
SPIT attacks consist of sending a voicemail to a person, masquerading it with information from a party trustworthy to the receiver, like a bank or online paying service, making him think he is safe.
• Man-in-the-middle attacks
VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.

Advertisements