On the Billing Vulnerabilities of SIP-Based VoIP Systems
For commercial VoIP services, billing is crucial to both service providers and their subscribers. One of the most basic requirements of any billing function is that it must be accurate and trustworthy. A reliable VoIP billing mechanism should only charge VoIP subscribers for the calls they have really made and for the durations they have called. Existing VoIP billing is based on the underlying VoIP signaling and media transport protocols. Hence, vulnerabilities in VoIP signaling and media transports can be exploited to compromise the trustworthiness of the billing of VoIP systems. In this paper, the authors analyze several deployed SIP-based VoIP systems, and present three types of billing attacks: call establishment hijacking, call termination hijacking and call forward hijacking.