2009 | OriginalPaper | Buchkapitel
An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
verfasst von : Ruishan Zhang, Xinyuan Wang, Xiaohui Yang, Ryan Farley, Xuxian Jiang
Erschienen in: Information Security Practice and Experience
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Phone features, e.g.,
911 call
,
voicemail
, and
Do Not Disturb
, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle or remote attacker could transparently 1) hijack selected E911 calls and impersonate the Public Safety Answering Point (PSAP); and 2) spoof the voicemail servers of both the caller and the callee of selected VoIP calls; and 3) make spam calls to VoIP subscribers even if
Do Not Disturb
is enabled. These empirical results confirm that leading deployed SIP-based VoIP systems have serious security vulnerabilities.