Date Added: Sep 2011
Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper, the authors present a plugin for their fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics.