Slashdot Mirror


Overlooked VoIP Security Issues?

penciling_in asks: "Voiponder is running an informative article identifying VoIP attacks, which are applicable to current systems but lack public awareness and are, for the most part, misunderstood. The author's primary purpose is to 'discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications.' This leaves me begging the question: What other not-so-publicized VoIP security issues should companies be watching out for?"

7 of 42 comments

  1. Gasp! by Loonacy · Score: 4, Insightful

    An unencrypted protocol is susceptible to man-in-the-middle attacks? Who'da thunk?

  2. Uhh... by isometrick · Score: 2, Insightful

    On the first one (registration hijacking) we have 401 unauthorized and WWW-Authenticate (similar to HTTP digest authentication). So unless you know the peer's shared secret with the registrar, you're out of luck. As well as CSeq to prevent message replay.

    On the second one ... really? You can listen to completely unencrypted trivially compressed audio packets if you can sniff them? Duh. So you either rely on nobody being in the middle on a switched network, or you encrypt it.

    Is anyone in the biz really unaware of this?
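
The challenge-response check comment 2 refers to, as an added example that is not part of the original thread: a toy registrar that answers an unauthenticated REGISTER with 401 and a nonce, verifies the RFC 2617 MD5 digest (no qop), and refuses a replayed Authorization or a stale CSeq. The class and function names, the realm, the credentials, the single-use nonce policy and the 400 status for a stale CSeq are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    """Toy registrar, constructed for illustration (not a SIP stack)."""
    def __init__(self, realm, shared_secrets):
        self.realm, self.shared_secrets = realm, shared_secrets
        self.live_nonces = set()   # issued, not yet consumed
        self.last_cseq = {}        # Call-ID -> highest CSeq accepted
    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return 401, nonce          # 401 Unauthorized + WWW-Authenticate nonce
    def register(self, call_id, cseq, uri, auth=None):
        if auth is None or auth["nonce"] not in self.live_nonces:
            return self.challenge()              # no credentials, or replayed nonce
        self.live_nonces.discard(auth["nonce"])  # each nonce is single use
        password = self.shared_secrets.get(auth["user"])
        if password is None:
            return self.challenge()              # unknown user
        expected = digest_response(auth["user"], self.realm, password,
                                   "REGISTER", uri, auth["nonce"])
        if not hmac.compare_digest(expected, auth["response"]):
            return self.challenge()              # wrong shared secret
        if cseq <= self.last_cseq.get(call_id, 0):
            return 400, None                     # stale CSeq; code chosen for this sketch
        self.last_cseq[call_id] = cseq
        return 200, None

def demo():
    uri, realm = "sip:registrar.example.test", "example.test"
    reg = Registrar(realm, {"alice": "s3cret"})  # constructed credentials
    def attempt(password, cseq, auth=None):
        _, nonce = reg.register("call-1", cseq, uri)   # unauthenticated -> 401
        auth = auth or {"user": "alice", "nonce": nonce, "response":
                        digest_response("alice", realm, password, "REGISTER", uri, nonce)}
        return reg.register("call-1", cseq, uri, auth)[0], auth
    ok, captured = attempt("s3cret", 2)
    # correct secret, wrong secret, replayed Authorization, reused CSeq
    return [ok, attempt("guess", 3)[0], attempt(None, 4, captured)[0], attempt("s3cret", 2)[0]]
```
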

  3. Oreka by henrih · Score: 4, Informative

    Disclaimer: I'm lead developer on Oreka.

    You can very easily record all RTP traffic on a given ethernet span to wav files on disk using a sniffing tool such as http://www.oreka.org/. Most people don't use encryption yet in the VoIP field. This will catch SIP, H.323 and Cisco Skinny traffic, i.e. most of the existing traffic except IAX (asterisk) type traffic.

  4. Re:Any type of DOS attack by RingDev · Score: 2, Interesting

    Ask your boss if he would be more concerned with the government listening in on the company's VoIP calls, or if a Russian hacker spammed your voice mail system with a demand for $50,000 or the system would be shut down(dos'd)?

    It's a common enough occurrence in digital service providers. Get a zombie net together, threaten a company with a demand they can afford, shut them down for a day, then wait for the money. The same attack style that the RIAA uses against college students. Sure, losing $3k as a student (or $50k as a company) sucks, but you can survive it, and it's significantly cheaper than trying to fight it.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  5. There's an unspoken assumption here. by techno-vampire · Score: 2, Insightful

    The article assumes that VOIP software is going to be sending/receiving VOIP and nothing else. Imagine a trojan that looks for and infects VOIP software, then uses it to phone home and send any confidential info to the server using the VOIP ports. All your user names, passwords, credit card info. Next, it sends home a list of all files. The server checks for certain obvious possibilities (e.g., customer.db, address.db, etc.) and replies with instructions to have them sent as well. Identity theft, wholesale and automated.

    --
    Good, inexpensive web hosting
  6. Securityschmurity by thegrassyknowl · Score: 5, Interesting

    People have trusted their telephone lines for years.

    It's easy for someone to listen in on your phone call. All they need to do is be in a position of trust between your handset and the other person's handset. You wouldn't even know they were there. Do you really trust all the line techs and the people who run the telecoms networks not to snoop on you?

    Admittedly, it's not as easy to hijack a phone line unless you are in the same position of trust. VoIP makes stealing the connection a little easier. Software faults lead the way to security issues and the ability to break into VoIP servers or just do nasty things to the data on the wire.

    I liken VoIP to having a cordless phone on your line. With the right equipment I can sniff a cordless phone call and play back the parts of it that tell the base station the handset wants to make a phone call. DECT is a little harder, but apparently still doable. If you're still using a 30MHz FM cordless phone then the right equipment is available for tens of dollars at your local rat shack!

    Phil Zimmermann recently released some encrypted VoIP software that solves the eavesdropping problem with a good level of security. I can imagine that phone companies and governments will soon be trying like shit to outlaw encrypted VoIP comms because it means all those wiretaps they are so fond of doing become useless.

    I trust my VoIP provider, currently. I log into their SIP server which is at the other end of my DSL connection. They are also my ISP so I know my data never leaves their network except when it is put back on the PSTN. This also has advantages for downstream QoS (they implement it for their own SIP server) so I don't ever get dropouts.

    --
    I drink to make other people interesting!
  7. Encryption by mishehu · Score: 2, Interesting

    The potential problem is that encryption of the voice stream adds latency to the transmission of the stream. Optimally you want 150 ms or less to pass in transmission, otherwise Bad Things can occur.

    That being said, we have just switched Freeswitch to use SRTP in the past few days, which appears to support keyed transport. Does anybody else have experience using this library and can tell about your experience encrypting SIP and/or RTP with it?