Presentation by Dan York on VoIP/UC Security

Dan York did a recent presentation on VoIP/UC security. I provided a link to the slides. I don't have the audio, I will post it if I find it. The title of the presentation is "Does anyone really give a ___ about VoIP security?".

Right now, I don't think most people really care too much about VoIP security. My take though (and I have said it efore), its not about VoIP/UC-specific security. It is and always has been about voice/communications security - attackers go after voice systems for the same reasons they have for a long time - namely, fraud/theft of service, DoS, harassment, social engineering, and more and more, for SPAM and phishing. Same old threats, it is just that VoIP/UC makes it easier and cheaper to execute these attacks.

http://www.7ducattacks.com/2011/12/slides-does-anyone-really-give-a-_____-about-voip-security.html

Social Media Used for Harassing Caller/TDoS

We have seen a number of cases where social medial/networking sites, such as facebook and twitter, were used to organized calling campaigns against corporations, the government, politicians, etc. Here is the latest example I have seen, titled "Occupy the Phones", where the organizer sets up facebook events to organize dialing campaigns. While these campaigns/attacks are very sophisticated, they can definitely tie up an organizations phone lines.

http://www.facebook.com/pages/Occupy-the-Phones/258843427490295

 

Robo-dialing/Automated Calling Website

Here is a website that offers a robo-dialing capability that you can use to send a voice message to polititians. The website states that since they are doing it to you, you may as well do it back to them. It doesn't let you dial other people or load up a ton of calls for one destination. I am sure we will see other "services" like this and also hackers using the same capability to generate harassing, spam, voice phishing, or outright Telephony Denial of Service (TDoS) calls.

http://reverserobocall.com/

New York Times Article About Toll Fraud Being Used to Fund Terrorists

Here is an article in the New York Times that describes how toll fraud is being used to fund terrorist activities:

http://www.nytimes.com/2011/11/27/world/asia/4-in-philippines-accused-of-hacking-us-phones-to-aid-terrorists.html?_r=2

 

New Version of VoIP Hopper is Available

A new version of VoIPHopper is available. Here is a link to an article describing it. For those not familiar with VoIPHopper, it allows you to hop/cross VLANs to access VoIP data.

http://www.darknet.org.uk/2011/11/voip-hopper-2-01-released-ip-phone-vlan-hopping-tool/

 

Article About VoIP DDoS Attacks

Here is an article about Distributed Denial of Service (DDoS) attacks against VoIP services:

http://www.cio.com.au/article/402962/massive_ddos_attacks_growing_threat_voip_services/#closeme