VoIP phones are early representatives as well as present enhancers of the IoT. This paper observes that they are still widely used in a traditional, unsecured configuration and demonstrates the Phonejack family of attacks: Phonejack 1 conjectures the exploitation of phone vulnerabilities; Phonejack 2 demonstrates how to mount a denial-of-service attack on a network of phones; Phonejack 3 sniffs calls. It is reassuring, however, that inexpensive devices such as a Raspberry Pi can be configured and programmed as effective countermeasures, thus supporting the approach of integrating both technologies. We demonstrate both attacks and defence measures in a video clip. The concluding evaluations argue that trusting the underlying network security measures may turn out overly optimistic; moreover, VoIP phones really ought to be protected as laptops routinely are today
翻译:本文指出,在传统的、无担保的配置中,这些电话仍然被广泛广泛使用,并展示了袭击的电话组合:电话杰克一号猜测利用电话脆弱性;电话杰克二号展示了如何对电话网络发动拒绝服务的攻击;电话杰克三号探嗅电话;然而,令人欣慰的是,像Raspberry Pi这样的廉价设备可以被配置和编成有效的反措施,从而支持将这两种技术结合起来的做法。我们在视频短片中展示了攻击和防御措施。最后评价认为,相信基本网络安全措施可能会变得过于乐观;此外,VoIP电话今天作为笔记本,确实应该受到保护。
相关内容
微信扫码咨询专知VIP会员