VoIP Security Threats - Video, Peter Cox
Peter Cox(?) a security consultant specializing in VoIP security has a great Podcast primer on VoIP security examples. He states that there are really three categories of VoIP Security Threats:
- IP level Threats - shared with the web and email and others, common knowledge to many people already
- Protocol and application specific threats, based on the way the SIP protocol is designed and is implemented, these VoIP security vulnerabilities can result in misdirected calls, terminated calls, and general call disruption
- Content related VoIP Security threats, the interfere with the media stream (the voice or video call)
The most serious is a application level flooding attack, the works by running a script that sends a bunch of calls to an extension in rapid succession and hangs up once answered. It would make a phone unusable, no effective calls in or out.
Imagine also that the attacker injected content into a call, ring the phone and then play a recorded message - Telephone or VoIP SPAM! the last thing we needÂ
Another set of threats revolve around the need of SIP phones to register with an IP/PBX. these kind of VoIP attacks can come in and de-register phones and extensions and render people unable to receive calls