Types of VoIP Attacks
VoIP architectures and services are prone to several types of attacks. These can be categorized into vulnerabilities or exploits that violate any of the CIA (confidentiality, integrity, and availability) tenants, detailed here:
• Confidentiality Attacks include eavesdropping, packet sniffing, password cracking, social engineering, information leakage
• Integrity Attacks include message, log, and configuration tampering, and bit flipping
• Availability Attacks and vulnerabilities include denial of service (DoS), distributed DoS, physical tampering, corruption of data, manmade and natural disasters, and fuzzing
An additional category of violations could be attacks to circumvent authenticity. These attacks would include spoofing and man-in-the-middle replay attacks. Since SIP is the most prevalent VoIP protocol that is deployed globally, let’s focus our sights on understanding some of the more popular SIP attacks:
• Enumeration
• SIP password cracking
• Eavesdropping/packet capture
• Denial of service