Top 14 VoIP vulnerabilities

The top VoIP vulnerabilities explained

How are VoIP networks weak and vulnerable to attack and catastrophic failure? Securing VoIP Networks, the new book by Peter Thermos and Ari Takanen, looks at VoIP infrastructure and analyses its vulnerabilities much as the Open Web Application Security Project did for Web-related vulnerabilities and Mitre did with its Common Weakness Enumeration dictionary for software. And it's about human failings, too, not just technology problems.

Here are the top VoIP vulnerabilities explained in Securing VoIP Networks:

1. Insufficient verification of data: In VoIP implementations, this can enable man-in the-middle attacks.

2. Execution flaws: Standard databases are typically used as the backbone of VoIP services and registrations. Implementation has to be paranoid in filtering out active content such as SQL queries from user-provided data such as user names, passwords, and Session Initiation Protocol (SIP) URLs. The majority of problems relating to execution flaws result from bad input filtering and insecure programming practices.

3. String/array/pointer manipulation flaws: Malformed packets with unexpected structures and content can exist in any protocol messages, including SIP, H.323, SDP, MGCP, RTP and SRTP. Most typical malformed messages include buffer-overflow attacks and other boundary-value conditions. The result is that the input given by the attacker is written over other internal memory content, such as registers and pointers, which will let the attacker take full control of the vulnerable process.

4. Low resources: Especially in embedded devices, the resources that VoIP implementations can use can be scarce. Low memory and processing capability could make it easy for an attacker to shut down VoIP services in embedded devices.

5. Low bandwidth: The service has to be built so that it will withstand the load even if every caller makes a call at the same time. When the number of subscribers to a VoIP service is low, this is not a big problem. But when a service is intentionally flooded with thousands of bot clients, or when there is an incident that results in a huge load by valid subscribers, the result might be a shutdown of the whole service.

6. File/resource manipulation flaws: These are typical implementation mistakes, programming errors from using insecure programming constructs that result in security problems. These flaws include insecure access to files.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World (US online)
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?