Top 14 VoIP vulnerabilities

The top VoIP vulnerabilities explained

How are VoIP networks weak and vulnerable to attack and catastrophic failure? Securing VoIP Networks, the new book by Peter Thermos and Ari Takanen, looks at VoIP infrastructure and analyses its vulnerabilities much as the Open Web Application Security Project did for Web-related vulnerabilities and Mitre did with its Common Weakness Enumeration dictionary for software. And it's about human failings, too, not just technology problems.

Here are the top VoIP vulnerabilities explained in Securing VoIP Networks:

1. Insufficient verification of data: In VoIP implementations, this can enable man-in-the-middle attacks.

2. Execution flaws: Standard databases are typically used as the backbone of VoIP services and registrations. Implementation has to be paranoid in filtering out active content such as SQL queries from user-provided data such as user names, passwords, and Session Initiation Protocol (SIP) URLs. The majority of problems relating to execution flaws result from bad input filtering and insecure programming practices.

3. String/array/pointer manipulation flaws: Malformed packets with unexpected structures and content can exist in any protocol messages, including SIP, H.323, SDP, MGCP, RTP and SRTP. Most typical malformed messages include buffer-overflow attacks and other boundary-value conditions. The result is that the input given by the attacker is written over other internal memory content, such as registers and pointers, which will let the attacker take full control of the vulnerable process.

4. Low resources: Especially in embedded devices, the resources that VoIP implementations can use can be scarce. Low memory and processing capability could make it easy for an attacker to shut down VoIP services in embedded devices.

5. Low bandwidth: The service has to be built so that it will withstand the load even if every caller makes a call at the same time. When the number of subscribers to a VoIP service is low, this is not a big problem. But when a service is intentionally flooded with thousands of bot clients, or when there is an incident that results in a huge load by valid subscribers, the result might be a shutdown of the whole service.

6. File/resource manipulation flaws: These are typical implementation mistakes, programming errors from using insecure programming constructs that result in security problems. These flaws include insecure access to files.
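To illustrate item 2's point about filtering active content out of user-provided data, here is an added example (not from the book or this article): a registrar lookup that concatenates a SIP user name into SQL, beside a version that validates the URI and binds the value as a parameter. The table schema, function names and sample values are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: a minimal registrar table (schema is an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (sip_user TEXT PRIMARY KEY, secret TEXT)")
    db.executemany("INSERT INTO subscribers VALUES (?, ?)",
                   [("alice", "constructed-1"), ("bob", "constructed-2")])
    return db

# Conservative allowlist for a SIP URI; deliberately stricter than the full URI grammar.
SIP_URI = re.compile(r"sips?:([A-Za-z0-9._+-]{1,64})@([A-Za-z0-9.-]{1,253})")

def parse_sip_user(uri):
    """Return the user part of a SIP URI, or None if it fails the allowlist."""
    m = SIP_URI.fullmatch(uri)
    return m.group(1) if m else None

def lookup_unsafe(db, user):
    # Weak form: user-provided data is concatenated into the SQL text,
    # so quotes inside the value change the meaning of the query.
    sql = "SELECT sip_user FROM subscribers WHERE sip_user = '" + user + "'"
    return sorted(r[0] for r in db.execute(sql))

def lookup_safe(db, user):
    # Hardened form: the value is bound as a parameter and never parsed as SQL.
    sql = "SELECT sip_user FROM subscribers WHERE sip_user = ?"
    return sorted(r[0] for r in db.execute(sql, (user,)))

def lookup_from_uri(db, uri):
    """Validate the URI first, then query with a bound parameter."""
    user = parse_sip_user(uri)
    if user is None:
        return []  # reject malformed input before it reaches the database
    return lookup_safe(db, user)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed user name carrying active content
    print("concatenated:", lookup_unsafe(db, crafted))
    print("parameterized:", lookup_safe(db, crafted))
    print("valid URI:", lookup_from_uri(db, "sip:alice@example.com"))
    print("crafted URI:", lookup_from_uri(db, "sip:" + crafted + "@example.com"))
```

Input validation and parameter binding are independent layers: the allowlist rejects malformed URIs early, and the bound parameter keeps the query safe even if the allowlist is later loosened.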


Ellen Messmer

Network World (US online)