5.1.2 Attacks on Connectivity Checks
An attacker might attempt to sniff the signaled candidates and passwords to maliciously obtain control of the call and related media. This protocol relies on the existence of a secure channel to exchange candidates. A malicious user might attempt to attack the STUN connectivity checks either to maliciously gain control of the call and related media to a different endpoint or to cause a failure of the connectivity checks. The malicious user can potentially inject connectivity check packets to fool an endpoint into considering a valid transport address pair invalid or vice versa. Alternatively, the malicious user can cause the endpoints to discover incorrect peer-derived candidates. These attacks are mitigated by this protocol by mandating the MESSAGE-INTEGRITY attribute in the STUN connectivity checks and responses.