VoIP Can Still Be Exploited -- Badly
Pietro Biondi, Stefano Bognanni, Giampaolo Bella
TL;DR
This paper reveals that VoIP phones remain vulnerable to multiple attack types, demonstrating exploit techniques and countermeasures, emphasizing the need for better security practices comparable to those for laptops.
Contribution
It introduces the Phonejack attack family on VoIP phones and shows how inexpensive devices can effectively defend against these threats.
Findings
VoIP phones are still widely insecure in default configurations.
Attack demonstrations include vulnerability exploitation, DoS, and call sniffing.
Countermeasures using Raspberry Pi devices are effective.
Abstract
VoIP phones are early representatives as well as present enhancers of the IoT. This paper observes that they are still widely used in a traditional, unsecured configuration and demonstrates the Phonejack family of attacks: Phonejack 1 conjectures the exploitation of phone vulnerabilities; Phonejack 2 demonstrates how to mount a denial-of-service attack on a network of phones; Phonejack 3 sniffs calls. It is reassuring, however, that inexpensive devices such as a Raspberry Pi can be configured and programmed as effective countermeasures, thus supporting the approach of integrating both technologies. We demonstrate both attacks and defence measures in a video clip. The concluding evaluations argue that trusting the underlying network security measures may turn out overly optimistic; moreover, VoIP phones really ought to be protected as laptops routinely are today
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Opportunistic and Delay-Tolerant Networks · Internet Traffic Analysis and Secure E-voting