1st International ICST Workshop on Security and QoS in Communication Networks

Research Article

Vulnerabilities in SOHO VoIP gateways

  • @INPROCEEDINGS{10.1109/SECCMW.2005.1588318,
        author={Peter   Thermos and Guy  Hadsall},
        title={Vulnerabilities in SOHO VoIP gateways},
        proceedings={1st International ICST Workshop on Security and QoS in Communication Networks},
  • Peter Thermos
    Guy Hadsall
    Year: 2006
    Vulnerabilities in SOHO VoIP gateways
    DOI: 10.1109/SECCMW.2005.1588318
Peter Thermos1,*, Guy Hadsall1
  • 1: The VoPSecurity.org Forum
*Contact email: pthermos@vopsecurity.org


The technological advancements and equipment cost reductions, aid in the rapid evolution of residential networks, which evolved in to an autonomous ecosystem with more elaborate services and capabilities than previously experienced. The elements in the residential networks are using a combination of hardware, software and communication protocols with inherent security vulnerabilities due to this new configuration. One such component is the voice over IP (VoIP) gateway, which in many cases is replacing the current Internet gateway thus providing network as well as VoIP connectivity. The new VoIP gateways are required to provide greater robustness and security than the current Internet gateways since they need to support critical services such as E911 and real-time multimedia applications. This paper reflects the results of a research study that aimed at identifying security issues associated with residential VoIP gateways, including signaling and media routing, implementation, operation, and network management in order to understand their impact on end users and service providers. The findings suggest that attacks such as message, replay, amplification (i.e. Denial of Service or "DoS" ), annoyance (SPIT), and eavesdropping along with misconfiguration and several other weaknesses can have a severe impact on the subscriber's ability to communicate in an emergency or disclosure of sensitive information.