VoIP Can Still Be Exploited -- Badly
This paper addresses security risks for users of VoIP phones in IoT networks, but it is incremental, as it builds on known vulnerabilities with new attack demonstrations.
The paper tackles the security vulnerabilities in VoIP phones by demonstrating the Phonejack family of attacks, including vulnerability exploitation, denial-of-service, and call sniffing, and shows that inexpensive devices such as a Raspberry Pi can serve as effective countermeasures.
VoIP phones are early representatives as well as present enhancers of the IoT. This paper observes that they are still widely used in a traditional, unsecured configuration and demonstrates the Phonejack family of attacks: Phonejack 1 conjectures the exploitation of phone vulnerabilities; Phonejack 2 demonstrates how to mount a denial-of-service attack on a network of phones; Phonejack 3 sniffs calls. It is reassuring, however, that inexpensive devices such as a Raspberry Pi can be configured and programmed as effective countermeasures, thus supporting the approach of integrating both technologies. We demonstrate both attacks and defence measures in a video clip. The concluding evaluations argue that trusting the underlying network security measures may turn out to be overly optimistic; moreover, VoIP phones really ought to be protected as laptops routinely are today.