Anonymous Eavesdropping and Call Redirection

Man-in-the-middle attacks have plagued networks for many years. Tools from Dsniff/fragrouter to Cain & Abel help show how network communication methods are not secure. Using the same model, telephone communication via VoIP can fall into the same problem space. While Layer 2 man-in-the-middle attacks using ARP packets are by far the easiest way to eavesdrop on a call, access to the correct network space is required. Unfortunately, there are a few ways to eavesdrop without using ARP poisoning—using common phishing attacks in combination with call redirection.

The first kind of this attack is a targeted attack, involving Caller ID spoofing. The attacker essentially creates a three-way call between the credit ...

Get Hacking VoIP now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.