This paper talks about the state of security or lack of of the VoIP protocols. It talks a lot about encryption and introduces some attacks in that area. Of interest:
- replay attack on SDES key exchange causing SRTP to use the same keystream in multiple sessions. This means that the attacker removes encryption from SRTP-protected data streams.
- An attack on ZRTP involving unauthenticated uesr IDs. This allows bypassing / disabling of authentication or a DoS attack.
- A security issue related to randomness in MIKEY