The threats against VoIP are numerous and seem to be growing, but in 2008 the technology probably won’t suffer crippling attacks.

The potential danger is very real. VoIP is susceptible to the many exploits that networks generally are heir to — denial of service, buffer overflows and more. VoIP PBXs are servers on corporate networks and are only as secure as the networks themselves.

In addition, there are many voice-specific attacks and threats. These have been chronicled by researchers and vendors intending to alert users and suggest ways to guard against them.

For instance, two protocols widely used in VoIP — H.323 and Inter Asterisk eXchange — have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network. Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.

In addition, tools that can help find vulnerable deployments have been published online by a VoIPSA, an industry group dedicated to securing VoIP. The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.

Still, there have been few exploits so far and none that have been widespread or crippling to businesses. Such as Sniffing and many exploits that’ can  allow a attack to listen in your phone calls control your Voip network and ect. What you are about to read is yet another exploit that has been released.
A proof of concept (POC) to exploit an issue in a cable modem to hijack / steal VoIP calls has been released to the wild.

GNUCITIZEN has published the POC exploit at http://www.gnucitizen.org/blog/call-jack… calling the methodology “Call Jacking”.

The exploit can allow the users VoIP account to be used to dial calls on behalf of the malicious attacker. Another scenario would be to have the user click on a URL on a specially crafted web page and the exploit would cause a call to be initiated from the users VoIP phone to a pre-defined destination BUT it would appear that the call originated from the destination phone not the users phone. This would be very useful in a social engineering attack. The user clicking on a link pro-porting to be from his bank in fact would be initiating a call to a hacker determined to harvest the users banking credentials over the phone.