Attack Vectors
All technology has a security issue, from electronic voting machines to VoIP. One of the items that often confuses or inappropriately diffuses matters is the perceived difficulty involved in launching and carrying out an attack. The truth is that with sufficient motivation, including possible wealth, fame, or vengeance, any security issue can be exposed and exploited. VoIP attack vectors are similar to traditional vectors in networking equipment. For example, there is no need to have physical access to a phone or to the PBX closet. The access needed to perform VoIP attacks depend on the type of VoIP deployment. The most popular attack vectors for VoIP networks are shown in the following list.
A local subnet, such as an internal network, where VoIP is used by unplugging and/or sharing a VoIP hard phone’s Ethernet connection (usually sitting on one’s desk), an attacker can connect to the voice network.
A local network that is using wireless technology with untrusted users, such as a coffee shop, hotel room, or conference center An attacker can simply connect to the wireless network, reroute traffic, and capture VoIP calls.
A public or nontrusted network, such as the Internet, where VoIP communication is used An attacker who has access to a public network can simply sniff the communication and capture telephone calls.