Research Article
Voice pharming attack and the trust of VoIP
@INPROCEEDINGS{10.1145/1460877.1460908, author={Xinyuan Wang and Ruishan Zhang and Xiaohui Yang and Duminda Wijesekera and Xuxian Jiang}, title={Voice pharming attack and the trust of VoIP}, proceedings={4th International ICST Conference on Security and Privacy in Communication Networks}, publisher={ACM}, proceedings_a={SECURECOMM}, year={2008}, month={9}, keywords={}, doi={10.1145/1460877.1460908} }
- Xinyuan Wang
Ruishan Zhang
Xiaohui Yang
Duminda Wijesekera
Xuxian Jiang
Year: 2008
Voice pharming attack and the trust of VoIP
SECURECOMM
ACM
DOI: 10.1145/1460877.1460908
Abstract
Voice communication is fundamental to the normal operation of our society. The general public have put a lot of trust in voice communication and they have been relying on it for many critical and sensitive information exchange (e.g., emergency 911 calls, calls to customer service of financial institutions). Now more and more voice calls are carried, at least partially, over the public Internet rather than traditional Public Switched Telephone Network (PSTN). The security ramifications of using VoIP, however, have not been fully recognized. It is not clear how secure and trustworthy the currently deployed VoIP systems are, and there exists a substantial gap in the understanding of the potential impact of VoIP exploits on the VoIP users. In this paper, we seek to fill this gap by investigating the trust issues of currently deployed VoIP systems and their implications to the VoIP users. Our experiments with leading deployed VoIP services (e.g, Vonage, AT&T and Gizmo) show that they are vulnerable to a number of VoIP exploits that essentially violate the VoIP users' basic trust that their calls will reach their intended destinations only. Specifically, a MITM (man-in-the-middle) can 1) detour any chosen Vonage and AT&T VoIP call via anywhere on the Internet; 2) redirect any selected Vonage and AT&T VoIP call to any third party without authorization; 3) manipulate and set the call forwarding setting of any selected Gizmo VoIP subscriber without authorization. Such an unauthorized call diversion capability enables a new attack, called voice pharming, against VoIP users, where the attacker transparently diverts selected VoIP calls to the bogus IVR (interactive voice response) or bogus representative. In other words, voice pharming can cause selected VoIP callers to interact with the bogus IVR or representative even if they have dialed the correct phone numbers. Therefore, even the most meticulous VoIP caller could be tricked into giving out sensitive information (e.g., SSN, credit card number, PIN) to the adversary. To mitigate such imminent threats to current VoIP users, all segments along the VoIP path need to be protected and trustworthy. Our experience shows that enforcing TLS or IPSEC between the SIP phone and SIP servers could be an effective first step toward mitigation.