Qi Wang (Tsinghua University), Jianjun Chen (Tsinghua University), Jingcheng Yang (Tsinghua University), Jiahe Zhang (Tsinghua University), Yaru Yang (Tsinghua University), Haixin Duan (Tsinghua University)

Session Initiation Protocol (SIP) is a cornerstone of modern real-time communication systems, powering voice calls, text messaging, and multimedia sessions across services such as VoIP, VoLTE, and RCS. While SIP provides mechanisms for authentication and identity assertion, its inherent flexibility poses the risk of semantic ambiguity among implementations that can be exploited by attackers.

In this paper, we present SIPCHIMERA, a novel black-box fuzzing framework designed to systematically identify ambiguity-based identity spoofing vulnerabilities across SIP implementations. We evaluated SIPCHIMERA against six widely used opensource SIP servers—including Asterisk and OpenSIPS—and nine popular user agents, uncovering that attackers could spoof their identity via manipulating identity headers and circumvent authentication. We demonstrate the real-world impact of these vulnerabilities by evaluating five VoIP devices, seven commercial SIP deployments, and three carrier-grade RCS-based SMS platforms. Our experiments show that attackers can exploit these vulnerabilities to perform caller ID spoofing in VoIP calls and send spoofed SMS messages over RCS, impersonating arbitrary users or services. We have responsibly disclosed our findings to affected vendors and received positive acknowledgments. We finally propose remedies to mitigate those issues.

View More Papers

Incident Response Planning Using a Lightweight Large Language Model...

Kim Hammar (Department of Electrical and Electronic Engineering, University of Melbourne, Australia), Tansu Alpcan (Department of Electrical and Electronic Engineering, University of Melbourne, Australia), Emil C. Lupu (Department of Computing, Imperial College London, United Kingdom)

Read More

ViGText: Deepfake Image Detection with Vision-Language Model Explanations and...

Ahmad ALBarqawi (New Jersey Institute of Technology, Newark, NJ, USA), Mahmoud Nazzal (Old Dominion University, Norfolk, VA, USA), Issa Khalil (Qatar Computing Research Institute (QCRI), HBKU, Doha, Qatar), Abdallah Khreishah (New Jersey Institute of Technology, Newark, NJ, USA), NhatHai Phan (New Jersey Institute of Technology, Newark, NJ, USA)

Read More

On Borrowed Time: Measurement-Informed Understanding of the NTP Pool's...

Robert Beverly (San Diego State University), Erik Rye (Johns Hopkins University)

Read More