VoIP Vulnerabilities, a white paper issued by McAfee Labs, found almost 60 vulnerabilities in voice over internet products, compared to just under 20 vulnerabilities in 2006.
"We can credit part of this increase to better tools for finding VoIP vulnerabilities, yet this upward trend should be largely attributed to the growing number of VoIP installations", the white paper said.
Cisco equipment was by far the biggest source of VoIP vulnerabilities, outpacing competitors Nortel and Avaya Business Communications by a factor of five, the report found.
The white paper gave examples of VoIP vulnerabilities at various levels. Eavesdropping on VoIP conversations is possible when the default implementation of the Real Time Protocol (RTP) used to carry VoIP traffic is not encrypted, for example. Tools such as VOMIT have been published to dump unencrypted traffic between phones and turn it into playable sound.
Replay attacks use recorded control data sessions to send fraudulent instructions to call management software. This can be used to spoof calls that have come from a third party, for example. Other vulnerabilities lead to attacks including denial of service, in which traditional vulnerabilities in IP networks are used to disrupt phone service, such as for example inserting a hang-up command into a traffic stream.
Some of these technical exploits can be used to support attacks such as voice phishing (vishing), in which spoof calls are made from criminals pretending to be employees of legitimate organizations trying to 'confirm' information about the victim.
However, one of the most common attacks is also possibly one of the most damaging, the report suggested: "Toll fraud is one of the most frequent attacks against VoIP. We have seen attackers targeting small businesses - such as in Perth, Australia, where they made 11 000 calls costing more than US$120 000 - to attackers stealing more than 120 million VoIP minutes and making $1.2 million from Verizon and AT&T", it explained.