As an IP application, Voice over the Internet Protocol is exposed to a number of attacks. Security is an important consideration for VoIP providers since each component in the VoIP structure can be used as a target, and VoIP has specific security challenges as well. It has a several security problems.
Eavesdropping and VoIP Phishing
VoIP Phishing nvolves a party calling you faking a trustworthy organization (e.g. your bank) and requesting confidential and often critical information.
Viruses and malware
VoIP application involving softphone and software are vulnerable to worms, viruses and malware, just like any Internet application. Since these softphone applications run on user systems like PCs and PDAs, they are exposed and vulnerable to malicious code attacks in voice applications
SPIT (Spamming over Internet Telephony)
Every VoIP account has an associated IP address. It is easy for spammers to send their messages (voicemails) to thousands of IP addresses. Voice mailing as a result will suffer. With spamming, voicemails will be blocked and more space as well as better voicemail management tools will be required. Moreover, spam messages can carry viruses and spyware along with them.
Call tampering and Man-in-the-middle attacks
Call tampering is an attack which involves tampering a phone call in progress. The attacker could spoil the quality of the call by adding noise packets in the communication stream. He can also withhold the delivery of packets so that the communication becomes unclear and the participants come across long periods of silence during the call. VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker interrupts call-signaling SIP message traffic and pretend as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls through a redirection server.
