Two Days Left to Get a Free GIAC Certification Attempt or Take $350 Off with OnDemand or vLive Training!

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Telephone Issues

Featuring 6 Papers as of April 30, 2019

  • Security Considerations for Voice over Wi-Fi (VoWiFi) Systems STI Graduate Student Research
    by Joel Chapman - April 30, 2019 

    As the world pivots from Public Switched Telephony Networks (PSTN) to Voice over Internet Protocol (VoIP)-based telephony architectures, users are employing VoIP-based solutions in more situations. Mobile devices have become a ubiquitous part of a person's identity in the developed world. In the United States in 2017, there were an estimated 224.3 million smartphone users, representing about 68% of the total population. The ability to route telephone call traffic over Wi-Fi networks will continue to expand the coverage area of mobile devices, especially into urban areas where high-density construction has previously caused high signal attenuation. Estimates show that by 2020, Wi-Fi-based calling will make up 53% of mobile IP voice service usage (roughly 9 trillion minutes per year) (Xie, 2018). In contrast to the more traditional VoIP solutions, however, the standards for carrier-based Voice over Wi-Fi (VoWiFi) are often proprietary and have not been well-publicized or vetted. This paper examines the vulnerabilities of VoWiFi calling, assesses what common and less well-known attacks are able to exploit those vulnerabilities, and then proposes technological or procedural security protocols to harden telephony systems against adversary exploitation.

  • Security Analysis: Traditional Telephony and IP Telephony by Alan Klein - March 29, 2003 

    The goal of this paper is to take a step back and analyze the security implications of migrating from a traditional telephony architecture to an IP telephony architecture.

  • Unified Communications Technologies by Jason Kelly - January 29, 2003 

    This paper will cover the basics of unified Communications, what it is, how it works and how it is vulnerable to attack.

  • Often Overlooked: PBX and Voice Security in a Networked World by Chris Herrera - January 12, 2003 

    My goal is to bring you up to speed on some of the common risks and specific attacks/countermeasures associated with voice systems.

  • Eavesdropping an IP Telephony Call by Tom Long - October 4, 2002 

    This paper examines the area of call eavesdropping in detail and outlines how the process of eavesdropping has changed as the PBX technology has evolved; it also suggests that the art of call eavesdropping may be easier than ever before.

  • The GSM Standard (An overview of its security) by Suraj Srinivas - December 20, 2001 

    This paper examines the security issues of the Global Systgem for Mobile Communications (GSM), a mobile phone system used throughout the world.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.