Dial H for Hackers
Voice over IP (VOIP) phone technology, like Vonage, which utilizes the Internet’s higher bandwidth and lower overhead, provide a cost efficient alternative to traditional copper-based phone networks.
But unlike traditional phone networks, an unsecured VOIP phone can be a juicy target for hackers who can easily cause havoc with your phone service.
A VOIP phone is like a computer, which means it is susceptible to denial of service and other attacks that have long been the bane of networked computers.
That is what associate professor of computer science, Ian Harris, and members of his Systems Test lab are trying to prevent.
"Denial of service is probably the most prevalent threat today to VoIP networks," Harris said. "A VOIP system has so many moving parts and has very strict network requirements. There are a lot of evil things you can do."
Harris and his research group are working on ways to test the software security of phones. One way is by utilizing the Session Initiation Protocol (SIP) to reveal security weakness in VOIP phones.
SIP establishes calls between phones and acts as a traffic cop, sending data packets across the Internet via proxy servers to their correct locations.
By utilizing random test generation to selectively inject errors in the SIP message sequence, Harris hopes to trigger a wide range of security vulnerabilities.
These vulnerabilities include man-in-the-middle attacks, where a program is inserted between the SIP phone and SIP proxy, allowing the manipulation of audio. For example, calls can be dropped or rerouted or background noise can be added.
"Over the next couple of years, there will be an increase in attacks," Harris said. "The trick is to stay ahead of them and develop methods of preventing them."
