VoIP Security: Detecting Even the Stealthiest of VoIP Attacks

August 10th, 2006

Scammers and spammers are increasingly employing Voice over IP (VoIP) as a new means of launching attacks targeting the infrastructure and services on the Internet. Given the ease of use and availability of VoIP technology, it is easy to foresee a future in which an attacker, either legitimately or through ‘number-jacking’ (i.e., compromising software phones), amasses an army of phone numbers that are readily available for launching any kind of attack through auto-dialing capability.

But just how serious are the threats posed to VoIP? We’ve already seen a string of attacks against either the VoIP infrastructure or end users. In one such incident, in early June of this year, two men were arrested for fraudulently routing approximately 500,000 calls over the VoIP network belonging to Net2Phone, a Newark, N.J., VoIP provider.

How would people’s attitudes toward technologies like VoIP change if they understood the ease with which hackers could either attack their phones or, worse, hijack their phone or number to launch an infrastructure attack? We believe these threats are very real. We also believe that the average user thinks of their VoIP phone in much the same way as their circuit-switched phone: as private and secure.

We have recently introduced new security algorithms that have the unique capability of processing several million calls per second, from either ISPs or carrier links, in order to detect a wide variety of attacks:

  • Call spam, where a spammer places a large volume of automated calls through a few harvested phones
  • Scanning or “blind” flooding attacks aimed at “random” targets, and employed to discover SIP phone devices, proxy servers, registrars, etc.
  • Targeted flooding attacks (DoS, DDoS) employing high-intensity or repeated packets
  • Call hijacking or “man in the middle” attacks by intruders attempting to take control of a call
  • Exploit attacks (buffer overflow, SIP, etc.) designed to exploit vulnerabilities in VoIP or SIP implementations

Our philosophy is that securing VoIP is more than securing SIP. You must be able to secure protocols at all layers from 3 to 7, and deal with asymmetric traffic from multiple links. In future entries, we will discuss our systems approach in more detail.
