Here is a YouTube video describing, at a super high level, how to tunnel information through a VoIP call. There is nothing really new here, just a quick summary of how to do it. They use the term "Vunnel"; man, I sure hope that does not catch on.
http://www.highdatasecurity.com/how-to-vunnel-steal-information-through-voip.html
Note that this attack won't work in a typical enterprise, because virtually all calls are still converted to TDM by media gateways. Typical connections over the PSTN are "lossy" and the information will arrive corrupted. That's why modems are used. This attack will only work for an end-to-end IP call, where nothing in the network fiddles with the data. An example of such fiddling would be transcoding, where one codec, like G.711, is converted to another, like G.729, again resulting in lost data.
If this attack becomes an issue, one way to solve it is to make sure only authenticated IP phones and softphones can connect to the call agent. Another way is for an edge security device to watch for "voice" calls that are really data calls.
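One way an edge device could watch for "voice" calls that are really data calls, shown here as an added example that is not from the video or from any product mentioned on this page: measure the byte entropy of each second of G.711 mu-law payload and flag seconds that look close to uniformly random. It assumes the payload is visible in cleartext and that arbitrary data is carried directly as payload bytes; the threshold, function names and both sample streams are constructed for illustration.

```python
import math
import random
from collections import Counter

WINDOW = 8000         # one second of G.711 payload (8 kHz, one byte per sample)
ENTROPY_LIMIT = 7.5   # assumed threshold in bits per byte; tune on real traffic

def mulaw_encode(sample):
    """Encode one signed 16-bit PCM sample as a G.711 mu-law byte."""
    sign = 0x80 if sample < 0 else 0
    mag = min(abs(sample), 32635) + 0x84      # clip, then add the mu-law bias
    exponent = mag.bit_length() - 8           # segment number, 0..7
    mantissa = (mag >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF

def byte_entropy(payload):
    """Shannon entropy of the payload bytes, in bits per byte (0..8)."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def suspicious_windows(stream):
    """Indexes of the full one-second windows whose entropy exceeds the limit."""
    return [start // WINDOW
            for start in range(0, len(stream) - WINDOW + 1, WINDOW)
            if byte_entropy(stream[start:start + WINDOW]) > ENTROPY_LIMIT]

def speech_like(seconds):
    """Constructed stand-in for a talker: 200 Hz bursts, varying level, pauses."""
    out = bytearray()
    for n in range(seconds * WINDOW):
        t = n / WINDOW
        level = 6000 * abs(math.sin(2 * math.pi * 3 * t))
        talking = (t % 1.0) < 0.6             # 40% of every second is silence
        out.append(mulaw_encode(int(level * math.sin(2 * math.pi * 200 * t)) if talking else 0))
    return bytes(out)

def data_like(seconds, seed=1):
    """Constructed stand-in for arbitrary data carried in the media stream."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(seconds * WINDOW))

if __name__ == "__main__":
    call = speech_like(2) + data_like(2) + speech_like(1)
    for i in range(len(call) // WINDOW):
        window = call[i * WINDOW:(i + 1) * WINDOW]
        print(f"second {i}: {byte_entropy(window):.2f} bits/byte")
    print("flagged seconds:", suspicious_windows(call))
```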
I tried this and it fits my needs.
http://voipsipsdk.com/Download.aspx
Posted by: f | April 13, 2009 at 04:53 AM
This attack is actually quite successful in a typical enterprise. Media Gateways really don't molest the payload of most VoIP calls. The Media Gateways almost always interconnect to the PSTN with ISDN-PRIs. The VoIP traffic almost always is G.711. Both the ISDN-PRIs and G.711 use mu-law PCM encoding. This means the media gateway does absolutely no transcoding and thus does not introduce any loss. Salare Security will shortly be releasing a white paper addressing this particular myth of media gateways. I'll post back when it is ready to go.
The countermeasures suggested do not work. The endpoints used in a Vunneling exploit are authenticated IP phones and softphones. Relying on "edge security devices" does not work either. The edge security devices are not capable of examining the content of the VoIP media channel -- it very likely is encrypted and the impact of doing something like this would be disastrous to latency and jitter. The only solution I know that can defend against this exploit is Salare's vPurity appliance or OEM software.
Posted by: Paul Sand | April 23, 2009 at 10:11 AM
Salare Security has just released the white paper ("Easy Out") I mentioned in a previous comment. The white paper can be found at http://www.salaresecurity.com/EasyOut.html. Data can be stolen through VoIP Media Gateways; the white paper explains how it can easily be done.
Posted by: Paul Sand | May 10, 2009 at 10:09 PM