Sciweavers

CCS
2009
ACM

On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers

15 years 1 months ago
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
The man-in-the-middle (MITM) attack has been shown to be one of the most serious threats to the security and trust of existing VoIP protocols and systems. For example, the MITM who is in the VoIP signaling and/or media path can easily wiretap, divert and even hijack selected VoIP calls by tempering with the VoIP signaling and/or media traffic. Since all previously identified MITM attacks on VoIP require the adversary initially in the VoIP signaling and/or media path, there is a common belief that it is infeasible for a remote attacker, who is not initially in the VoIP path, to launch any MITM attack on VoIP. This makes people think that securing all the nodes along the normal path of VoIP traffic is sufficient to prevent MITM attacks on VoIP. In this paper, we demonstrate that a remote attacker who is not initially in the path of VoIP traffic can indeed launch all kinds of MITM attacks on VoIP by exploiting DNS and VoIP implementation vulnerabilities. Our case study of Vonage VoIP, th...
Ruishan Zhang, Xinyuan Wang, Ryan Farley, Xiaohui
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where CCS
Authors Ruishan Zhang, Xinyuan Wang, Ryan Farley, Xiaohui Yang, Xuxian Jiang
Comments (0)