An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems

  • Ruishan Zhang
  • Xinyuan Wang
  • Xiaohui Yang
  • Ryan Farley
  • Xuxian Jiang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle or remote attacker could transparently 1) hijack selected E911 calls and impersonate the Public Safety Answering Point (PSAP); and 2) spoof the voicemail servers of both the caller and the callee of selected VoIP calls; and 3) make spam calls to VoIP subscribers even if Do Not Disturb is enabled. These empirical results confirm that leading deployed SIP-based VoIP systems have serious security vulnerabilities.


VoIP security SIP voicemail fraud 911 hijacking voice spam 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    First Report and Order and Notice of Proposed RuleMaking,
  2. 2.
  3. 3.
    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261, IETF (June 2002)Google Scholar
  4. 4.
    Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A Transport Protocol for Real-Time Applications. RFC 1889, IETF (January 1996)Google Scholar
  5. 5.
  6. 6.
    AT&T’s CallVantage,
  7. 7.
  8. 8.
    Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-Based VoIP Systems. In: lst USENIX Workshop on Offensive Technologies (WOOT 2007) (August 2007)Google Scholar
  9. 9.
  10. 10.
    Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers. In: 4th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), Sydney, Australia (March 2009)Google Scholar
  11. 11.
    Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., Haukka, T.: Security Mechanism Agreement for the Session Initiation Protocol (SIP). RFC 3329, IETF (January 2003)Google Scholar
  12. 12.
    Baugher, M., McGrew, D., Naslund, M., Carrara, E., Norrman, K.: The Secure Real-time Transport Protocol (SRTP). RFC 3711, IETF (March 2004)Google Scholar
  13. 13.
    Reynolds, B., Ghosal, D.: Secure IP Telephony Using Multi-layered Protection. In: 10th Network and Distributed System Security Symposium (NDSS 2003) (Feburary 2003)Google Scholar
  14. 14.
    Wu, Y., Bagchi, S., Garg, S., Singh, N.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: 34th International Conference on Dependable Systems and Networks (DSN 2004), pp. 433–442 (July 2004)Google Scholar
  15. 15.
    Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP Intrusion Detection Through Interacting Protocol State Machines. In: 36th International Conference on Dependable Systems and Networks (DSN 2006) (June 2006)Google Scholar
  16. 16.
    Mintz-Habib, M., Rawat, A., Schulzrinne, H., Wu, X.: A VoIP Emergency Services Architecture and Prototype. In: 14th International Conference on Computer Communications and Networks (ICCCN 2005) (October 2005)Google Scholar
  17. 17.
    Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: 4th International Conference on Security and Privacy in Communication Networks (SecureComm 2008) (September 2008)Google Scholar
  18. 18.
    McGann, S., Sicker, D.C.: An analysis of Security Threats and Tools in SIP-Based VoIP Systems. In: Second VoIP Security Workshop (2005)Google Scholar
  19. 19.
  20. 20.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ruishan Zhang
    • 1
  • Xinyuan Wang
    • 1
  • Xiaohui Yang
    • 1
  • Ryan Farley
    • 1
  • Xuxian Jiang
    • 2
  1. 1.George Mason UniversityFairfaxUSA
  2. 2.N.C. State UniversityRaleighUSA

Personalised recommendations