Vulnerability in Some SIP Phones Allowing Remote Eavesdropping
Here is a post by Dan York on the VOIPSA blog, describing an attack where by using a statefull fuzzer, you can cause some SIP phones to allow eavesdropping on conversations in the room.
Recent Posts
Search Blog
- Search Blog
Conferences
General Articles
- Calibre Macro*World, 3/2008
- The biggest VoIP security threats - and how to stop them - Research - Breaking Business and Technology News at silicon.com, 3/2008
- Enterprise security in 2008: Addressing emerging threats like VoIP and virtualization, 1/2008
- VoIP Security Still Falling Short - Network Sentry, 1/2008
- 2008 - the year VoIP gets hacked? | The Register, 1/2008
- PC World - Hackers Claim Flaw in British DSL Service, 1/2008
- Call Jacking: Phreaking the BT Home Hub | GNUCITIZEN, 1/2008
- Blueprint: Network Architecture, 1/2008
- The Top 5 VoIP Security Threats of 2008 - VoIP News, 1/2008
- IT managers complacent about VoIP infrastructure security threats - Security Park news, 1/2008
- Security dominates 2008 IT agenda, 1/2008
- Total surveillance made easy with VoIP phones | GNUCITIZEN, 1/2008
- SIP and Security: Just do it Right, 12/2007
- Top 9 VoIP Threats, 1/2008
- VoIP vulnerabilities increasing, but not exploits, 12/2007
- Techworld.com - VoIP is the next big hack, 12/2007
- Not Waiting for the Big One - VoIP News, 12/2007
- VoIP Security Lessons Microsoft OCS Can Learn From Vonage and Others | NetworkWorld.com Community, 12/2007
- Why Nobody’s VoIP Is Secure - VoIP News, 11/2007
- Techworld.com - Expert scares world with VoIP hacking proof, 11/2007
- Unified communications security vulnerabilities : VoIP Topics, 10/2007
- Vonage Security Problems May Be Just the Start - VoIP News, 11/2007
- VoIP security industry: Guilty as charged - Network World, 11/2007
- � New hack mimics VoIP phone allowing access to data networks | Mobile and Wireless | TechRepublic.com, 11/2007
- VoIP security notices show security remains a multi-vendor issue - Network World, 11/2007
- The Forum for Business IP Telephony - VoiceCon Conference & Events 2008- Enews, 10/30
- SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
- Hackers gain access to private hotel network using Cisco VoIP | NetworkWorld.com Community
- Phones Aren't Safe Either, Hackers Say | Threat Level from Wired.com
- » VoIP Security firm: we informed Vonage of hackability a month ago and haven’t heard back | IP Telephony, VoIP, Broadband | ZDNet.com
Advisories
- Cisco Security Advisory:�Cisco Unified Communications Manager Denial of Service Vulnerabilities, 10/2007
- Cisco Security Advisory:�Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities, 2/2008
- Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow� [Products & Services] - Cisco Systems
- AST-2008-001, 1/2008
- Voice of VOIPSA » Blog Archive » Trixbox contains “phone home” code to retrieve arbitrary commands to execute?, 12/2007
- AST-2007-027, 12/2007
- [VOIPSEC] Nokia N95 cellphone remote DoS using the SIP Stack, 12/2007
- [VOIPSEC] Cisco Phone 7940 remote DOS, 12/2007
- AST-2007-026
- AST-2007-025
Skype Articles
- Improper handling of URI arguments, 1/2008
- Voice of VOIPSA » Blog Archive » Oops… Skype failed to mention this wee minor security update…, 12/2007
- URI problem also affects Acrobat Reader and Netscape - heise Security, 10/2007
- How dangerous is Skype?, 3/2007
- Voice of VOIPSA » Blog Archive » And why exactly would I want to install “Ringjacker” and let other people hijack my inbound ringtone?, 2/2007
- Voice of VOIPSA � Blog Archive � How to avoid Skype 3.0 reading the BIOS of your system, 2/2007
- What threats does Skype face? | Tech News on ZDNet, 1/2007
- Confusion over Skype security threat clears up | CNET News.com, 12/2006
- Dangerously Irrelevant: Advising, webcams, and Skype
- iTWire - Skype bugging your network? Here's how to squash it
« July 2007 | Main | September 2007 »
A Brief Interview in VoIP-News
John Edwards from VoIP News conducted a brief email-interview with me about VoIP security. He posted my (brief) answers to questions in the following article:
http://www.voip-news.com/feature/hacking-voip-exposed-082707/
VoiceCon 2007
I attended and spoke at the the summer VoiceCon. Voice/VoIP security was a big topic at the show and there were 2 tutorials, 1 panel, and 1 general session. David Endler of TippingPoint and I presented a general VoIP security tutorial on Monday the 20th. We had a decent turnout. I took the following picture of the room:
I also moderated a panel with David Endler and Krishna Kurapati of Sipera on Tuesday the 21st. Again, this session was well attended. The format involved me asking questions and then one or more of us providing answers (as opposed to using presentations). We left about 20 minutes for questions and got some good questions from the audience.
I also participated in the VoiceCon "Morning Call", where Eric Krapf spent 15 minutes discussing issues, including VoIP Security. This was a good opportunity to address the entire audience (although the session was at 8:00, so a lot of people were still in bed). Here are a couple of pictures from this sessions:
VoIP Security Course
Here is a VoIP security course. I looked at the outline and it looks like they use a number of the tools we released with our book. I am sure there are other VoIP security courses out there. If anyone knows of any others, please send them to me and I will add a list to this blog.
http://www.globalknowledge.com/training/course.asp?PageID=9&courseid=10096&country=United+States
Animation Describing SRTP
Here is a flash animation describing Secure RTP (SRTP):
http://blog.tmcnet.com/cross-talk/srtpsecure-rtp-for-voipsip.asp
VoIP Attack Tool Summary from Blackhat 2007
Dustin Trammell posted the following summary of the VoIP testing/attack tools released this year at Blackhat:
http://voipsa.org/blog/2007/08/15/blackhatdefcon-tools-update/
Another Positive Review of Hacking Exposed:VoIP
bThanks to Martyn Davies for posting a 5-star review of our Hacking Exposed: VoIP book on Amazon.
Be sure to check out Martyn's blog. Martyn is also a frequent poster on the VoIPSA blog. Martyn also recently participated in a VoIP security panel, which you can listen to on the Bluebox Podcast.
List of VoIP Security Vulnerabilities
Here is a list of VoIP vulnerabilities:
https://www.securinfos.info/english/security-advisories-alerts/security-advisories-voip.php
Taxonomy Article
Here is an article with an excerpt from a new VoIP security book. The article covers a summary taxonomy provided in the book, which the authors offer as superior to the VoIPSA Threat Taxonomy, because of its simplicity.
http://ipcommunications.tmcnet.com/news/2007/08/15/314541.htm?p=gateway
I haven't read the book yet.
Interview with a VoIP Hacker
Here is an interview by Dan York and Jason Huffman, of Robert Moore, who was the "hacker" used by Edwin Pena to steal and resell over $1,000,000 of minutes from VoIP service providers.
http://www.thevoicereport.com/TelecomJunkiesArchive-VoIPHacker.html
A key point here is the how simple the attacks were. This wasn't a sophisticated VoIP attack, rather exploitation of VoIP systems, through some basic security issues, like bad passwords, unpatched systems, etc.
My Articles/Quotes
- VOIP-Specific Attacks Not an Issue Yet, 3/2008
- Hacking VoIP Exposed - VoIP News, 8/2007
- Seven Tips For VoIP Security Success - BSM, 2/2007
- VOIP: What? Me Worry?, 2/2007
- VoIP Security on Parade: Collier Predictions; ITEXPO Education, 2/2007
- VoIP Security: Cisco Unified CallManager Quiz & Chapter, 2/2007
- RSA '07: VoIP security threatened by default settings, warn experts - Network World, 2/2007
- Residential VoIP Security Tips from voip.com, 2/2007
- SAP INFO, 2/2007
- The Forum for Business IP Telephony - VoiceCon Enews -, 1/2007
- VoIP, IP Telephony - VoIP Risks Take Center Stage in 2007 - CRN, 1/2007
- McGraw-Hill Publishes `Hacking Exposed: VoIP' Book Co-Authored by TippingPoint and SecureLogix Experts, 1/2007
- Dark Reading - Desktop Security - VOIP More Vulnerable - Security News Analysis, 12/2006
- VoIP Loop Book Review, 1/2007
- VoIP Soon to Be a Target for ..., 1/2007
- Book Review: Hacking Exposed VoIP - VARBusiness, 1/2007
- Security Threats Come A-Callin', 8/2006
- Enterprise View: Voice over IP Security, TMCNet, 10/2005
- Skype Security, VoIP Magazine, 2/2006
- The Value of VoIP Security, Recent Repost, Communications Convergence, 2/2006
- VOIPSA Threat Taxonomy Summary, VoIP Magazine, 1/2006
VoIP Security Blogs/Links
- Voice Over Packet Security Forum :: Your single (open) source for NGN/VoIP security issues and solutions (News)
- Dustin D. Trammell
- MADYNES research team Portal
- VoIP security - Network World
- Sipera - VoIP Vulnerabilities: Resources
- VoIP security Special Report at silicon.com
- IP Telephony (VOIP) Security: Threats, Defenses and Countermeasures
- VoIP Security - Voxilla Forum
- Blue Box: The VoIP Security Podcast
- Voice Over IP Security Alliance (VoIPSA)
Tools
- Tools | iSEC Partners
- Software — MADYNES research team Portal
- SIPVicious
- Primeobsession :: For number / security geeks!! - VOIP Sound Board
- xenion HQ - RTP Break
- TacVoIP: Hardcore VoIP Security
- VOIPSA : Resources : VoIP Security Tools
- Hacking Exposed VoIP: Voice over IP Security Secrets and Solutions by David Endler and Mark Collier
Podcasts
Books
Interesting Documents
- Paper on General VoIP Security, x/2007
- VoIP Security Research Paper, x/2007
- SANS Institute - VoIP Security Vulnerabilities, 12/2007
- Draft RFC Defining Session Border Controllers, 12/2007
- Draft RFC For SIP Identity Using Media Path
- Draft RFC for Asserted Identity in SIP
- Draft RFC for Handling Session Keys for SRTP
- eBook from ShoreTel With Chapter on VoIP Security
- SIP Threats
- McAfee's Sage Issue on the Future of Security
Interesting Presentations
- Another Presentation on Nortel Unistim Vulnerabilities, xx/2007
- Presentation on Nortel Unistim Vulnerabilities, xx/2007
- Remote Eavesdropping Using Cisco Phones, xx/2007
- Peer-to-peer SIP Security Presentation, 2/2008
- Voice of VOIPSA » Blog Archive » “Hacking and Attacking VoIP Systems” - Slides from my Astricon 2007 presentation about Asterisk and VoIP security, 1/2008
- 3rd ETSI Security Workshop Agenda, 1/2008
- Voice of VOIPSA » Blog Archive » “Hacking and Attacking VoIP Systems” - Slides from my Astricon 2007 presentation about Asterisk and VoIP security, 1/2008
- Hannes Tschofenig � My Slides from the 3rd ETSI Security Workshop, 1/2008
- Independent Research | iSEC Partners
- RTP Stenography
SPIT/Voice SPAM
- SIP Usage Scenarios Similar to SPIT, 1/2008
- RFC 5039 - The Session Initiation Protocol (SIP) and Spam, 1/2008
- Does UC present new opportunities for spammers? | IT Security | TechRepublic.com, 1/2008
- SPAM and SPIT: what are the dangers? | IT Security | TechRepublic.com, 1/2008
- Draft RFC For SPIT Mitigation (SPIT Score), 12/2007
- Why VoIP is the next target for spammers | Technology | The Guardian, 11/2007
- Voice of VOIPSA » Blog Archive » Now I’ve CAPTCHA’d Your Attention, 7/2007
- Voice of VOIPSA � Blog Archive � IETF group puts forward framework to combat SPIT (VoIP spam) for discussion, 6/2007
- Getting Smart About SPIT - Voxilla, 3/2007
- Voice of VOIPSA � Blog Archive � Combatting Voice SPAM with VoIP SEAL, 3/2007
Phishing
- Your phone may be under attack - MSN Money, 4/2007
- Voice of VOIPSA � Blog Archive � New VoIP Phishing Scheme, 3/2007
- Phishers' Latest Platforms: VoIP, SMS - Technology News by TechWeb, 1/2007
- Phishing attacks now using phone calls - USATODAY.com, 12/2006
- New Bait for Phishing Scams, 11/2006
- Phishing attacks now using phone calls - USATODAY.com, 11/2006
- Phishing Scams – Don't Get Hooked!, 7/2006
- Phishers Hit The Phone Bank With Asterisk, 8/2006
- Something's phishy - Security - Technology - smh.com.au, 10/2006
