Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
Two common VoIP-associated vulnerabilities include vishing and credential harvesting. Vishing, or voice phishing, involves making unsolicited or fraudulent phone calls over an internet telephony service, tricking users into disclosing personal or financial information. Credential harvesting involves collecting user credentials through diverse methods such as brute force attacks or packet sniffing, which can lead to unauthorized access to the VoIP system. These attacks exploit the nature of VoIP systems that transmit voice as data over IP networks, making them vulnerable to such security threats.
Hopping does not exist in exam objectives
Heads up - VLAN hopping was one of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasn't there.
So the only reason "hopping" is not the answer is because it's not in the exam objectives? So I guess it's SPIM and credential harvesting
he just said cred harvesting is NOT on the test.. :(
Spim and vishing
After heavy consideration and reading through multiple Sec+ books, I'm kinda going with B & D: vishing and credential harvesting as being the most common attacks, as hopping doesn't ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/
Although they don't specifically mention VOMIT, a common result of VOMIT would be credential harvesting. "VOMIT, is a VoIP hacking technique that extracts confidential data and voice packets directly from calls. VOMIT works by eavesdropping on phone calls and converting phone conversations into files straight from your business phone system. This makes it easy to obtain company information, including usernames, passwords, bank details, phone numbers, and call origin."
May I ask why D? Considering it's VoIP it would be B for sure, but D is just another form of B, just in a different aspect.
SPIM (Spam over Internet Messaging) is a type of VoIP-associated vulnerability that involves sending unsolicited or fraudulent messages over an internet messaging service, such as Skype or WhatsApp. It can trick users into clicking on malicious links, downloading malware, providing personal or financial information, etc., by impersonating a legitimate entity or creating a sense of urgency or curiosity. Vishing (Voice Phishing) is a type of VoIP-associated vulnerability that involves making unsolicited or fraudulent phone calls over an internet telephony service, such as Google Voice or Vonage. It can trick users into disclosing personal or financial information, following malicious instructions, transferring money, etc., by using voice spoofing, caller ID spoofing, or interactive voice response systems.
SPIM falls into VoIP in Comptia's world.
Really? I'd love to see a VOIP system with IM. Never seen one before!
Forgot about cloud based VOIP - they all have IM built into their service. A & B are, indeed, the correct answer here.
Based on gathered information, I think it is A and B, although B and E also sound correct. I hate these questions.
This can be the only correct combination. If anyone wants full exam with correct answers you can get in touch at [email protected]
emailed you.
emailed you!
emailed you as well. looking forward to hearing from you
I can't believe Hopping is not considered a vulnerability for VOIP. Every company I've ever worked for put their VOIP on a VLAN (it's a spelled out best practice in every security guide I've seen!). I've never seen a corporate VOIP that supports instant messaging, but there are a couple of web-based VOIPs that support it. I figure it's more rare and hopping would be FAR more dangerous/vulnerable than spam/spim. Who writes these questions?!?!
SPIM is for messages. So B for sure, and the next closest to a VoIP vulnerability is E.
Please tell me how you're going to instant message a VoIP phone. Answer can't be A.. it's BE.
Scammers use VoIP to offer fake employment and also use it to gather data that contains individual using SMS social engineering.
Copilot says B+E. Copilot: The two common VoIP-associated vulnerabilities from the options provided are: B. Vishing: Vishing, or voice phishing, is a type of attack that attempts to trick victims into giving up sensitive personal information over the phone. Since VoIP systems are essentially transmitting voice as data over IP networks, they are susceptible to the same phishing attacks that can occur in data networks. E. Credential Harvesting: VoIP systems can be vulnerable to attacks where credentials are harvested. Attackers can use various methods, such as brute force attacks or packet sniffing, to obtain user credentials. Once these credentials are obtained, attackers can gain unauthorized access to the VoIP system.
B, E are correct options. Contact for full questions [email protected]
B for sure, but E is correct due to voicemail via email attachment. The attachment may contain malicious code.
For those not convinced about Hopping (I was), one of many resources on VoIP VLAN hopping: https://community.broadcom.com/symantecenterprise/viewdocument/voip-hopping-a-method-of-testing?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68 The other one just must be Vishing.
SPIM (Spam over Instant Messaging): not with VoIP. Vishing: yes, as it is voice phishing... partly why, when a spammer asks you a yes or no question, it's best to hang up. Cred harvesting can be exploited when you have voicemail set to be emailed to you.
Only B & C answers are related to VoIP. Vishing should be obvious. Hopping, not as obvious, but since putting VoIP devices on a separate network, physical or VLAN, is a recommended good practice, VLAN is susceptible to hopping.
SPIM and Vishing