Research article, DOI: 10.1145/1460877.1460908

Voice pharming attack and the trust of VoIP

Published: 22 September 2008

Abstract

Voice communication is fundamental to the normal operation of our society. The general public have put a lot of trust in voice communication and they have been relying on it for many critical and sensitive information exchanges (e.g., emergency 911 calls, calls to customer service of financial institutions). Now more and more voice calls are carried, at least partially, over the public Internet rather than the traditional Public Switched Telephone Network (PSTN). The security ramifications of using VoIP, however, have not been fully recognized. It is not clear how secure and trustworthy the currently deployed VoIP systems are, and there exists a substantial gap in the understanding of the potential impact of VoIP exploits on the VoIP users. In this paper, we seek to fill this gap by investigating the trust issues of currently deployed VoIP systems and their implications to the VoIP users.
Our experiments with leading deployed VoIP services (e.g., Vonage, AT&T and Gizmo) show that they are vulnerable to a number of VoIP exploits that essentially violate the VoIP users' basic trust that their calls will reach their intended destinations only. Specifically, a MITM (man-in-the-middle) can 1) detour any chosen Vonage and AT&T VoIP call via anywhere on the Internet; 2) redirect any selected Vonage and AT&T VoIP call to any third party without authorization; 3) manipulate and set the call forwarding setting of any selected Gizmo VoIP subscriber without authorization. Such an unauthorized call diversion capability enables a new attack, called voice pharming, against VoIP users, where the attacker transparently diverts selected VoIP calls to the bogus IVR (interactive voice response) or bogus representative. In other words, voice pharming can cause selected VoIP callers to interact with the bogus IVR or representative even if they have dialed the correct phone numbers. Therefore, even the most meticulous VoIP caller could be tricked into giving out sensitive information (e.g., SSN, credit card number, PIN) to the adversary. To mitigate such imminent threats to current VoIP users, all segments along the VoIP path need to be protected and trustworthy. Our experience shows that enforcing TLS or IPsec between the SIP phone and SIP servers could be an effective first step toward mitigation.

Published In

SecureComm '08: Proceedings of the 4th international conference on Security and privacy in communication networks
September 2008
329 pages
ISBN:9781605582412
DOI:10.1145/1460877
Sponsors

  • Create-Net
  • INRIA: Institut Natl de Recherche en Info et en Automatique

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

Securecomm08
Sponsor:
  • INRIA

Cited By

  • (2022) Side-Channel VoIP Profiling Attack against Customer Service Automated Phone System. GLOBECOM 2022 - 2022 IEEE Global Communications Conference, pp. 6091-6096. DOI: 10.1109/GLOBECOM48099.2022.10001537. Online publication date: 4-Dec-2022
  • (2021) Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science, 3. DOI: 10.3389/fcomp.2021.563060. Online publication date: 9-Mar-2021
  • (2021) Poster: Off-path VoIP Interception Attacks. 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS), pp. 1-2. DOI: 10.1109/ICDCS51616.2021.00117. Online publication date: Jul-2021
  • (2017) Phishing environments, techniques, and countermeasures. Computers and Security, 68:C, pp. 160-196. DOI: 10.1016/j.cose.2017.04.006. Online publication date: 1-Jul-2017
  • (2016) A Practical Scheme for Data Secure Transport in VoIP Conferencing. Information and Communications Security, pp. 466-475. DOI: 10.1007/978-3-319-50011-9_36. Online publication date: 25-Nov-2016
  • (2014) iVisher: Real-Time Detection of Caller ID Spoofing. ETRI Journal, 36:5, pp. 865-875. DOI: 10.4218/etrij.14.0113.0798. Online publication date: 1-Oct-2014
  • (2014) A Study of Ten Popular Android Mobile VoIP Applications. Proceedings of the 2014 47th Hawaii International Conference on System Sciences, pp. 4858-4867. DOI: 10.1109/HICSS.2014.596. Online publication date: 6-Jan-2014
  • (2014) Exploiting VoIP softphone vulnerabilities to disable host computers: Attacks and mitigation. International Journal of Critical Infrastructure Protection, 7:3, pp. 141-154. DOI: 10.1016/j.ijcip.2014.07.001. Online publication date: Sep-2014
  • (2013) Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation. Security and Privacy in Communication Networks, pp. 104-121. DOI: 10.1007/978-3-319-04283-1_7. Online publication date: 2013
  • (2012) The impact of TLS on SIP server performance. IEEE/ACM Transactions on Networking, 20:4, pp. 1217-1230. DOI: 10.1109/TNET.2011.2180922. Online publication date: 1-Aug-2012
