ESC SV-463- Testing Voice Over IP (VOIP) Phones for Security Vulnerabilities
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The common use of networked embedded systems and the relative lack of attention to security for these systems makes them potential targets. Voice over IP (VOIP) phone technology represents an important and growing embedded networked application area which is vulnerable to network-based attacks. This class presents a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Our tool generates an input sequence for a VOIP phone which is designed to reveal security vulnerabilities in the phone application.