Comments on: Phone “Phreakers” Steal Minutes http://voipsa.org/blog/2007/03/12/phone-phreakers-steal-minutes/ Collective thoughts and musings on the state of VoIP security today. Mon, 06 Oct 2008 23:36:54 +0000 http://wordpress.org/?v=2.6.2 By: Emmanuel Gadaix http://voipsa.org/blog/2007/03/12/phone-phreakers-steal-minutes/#comment-37586 Emmanuel Gadaix Sun, 25 Mar 2007 12:43:22 +0000 http://voipsa.org/blog/2007/03/12/phone-phreakers-steal-minutes/#comment-37586 There are several methods used to compromise VoIP companies: - Vendors platforms' vulnerabilities. Some vendors have glaring holes in their proprietary platforms, and anyone knowing about them can compromise them. While such vulnerabilities are not generally made public, they do exist and are actively exploited by VoIP hackers and criminals. - Obtaining SIP credentials. All you need to setup a rogue VoIP trunk is a SIP username and PIN/password. It is easier to obtain that you may think. One easy target are the VoIP devices such as ATA. We have seen VoIP hackers bruteforcing VoIP companies' websites (the one used e.g. by subscribers to check their account balance) in order to obtain a valid SIP user. Once they have the user they'll bruteforce the PIN code, you'd be surprised how many times it's the same as the SIP account number or simply a 4-digit number. - Hacking in the VoIP internal network. Because VoIP companies are usually busy with their business they often overlook securing their infrastructure properly. Particularly young companies in emerging countries. Once inside their network VoIP hackers locate the subscribers' database and either create a new 'ghost' account or extract credentials for existing accounts. We have seen such intrusions, some of them had also removed CDR records to evade detection. There are several methods used to compromise VoIP companies:
- Vendors platforms’ vulnerabilities. Some vendors have glaring holes in their proprietary platforms, and anyone knowing about them can compromise them. While such vulnerabilities are not generally made public, they do exist and are actively exploited by VoIP hackers and criminals.
- Obtaining SIP credentials. All you need to setup a rogue VoIP trunk is a SIP username and PIN/password. It is easier to obtain that you may think. One easy target are the VoIP devices such as ATA. We have seen VoIP hackers bruteforcing VoIP companies’ websites (the one used e.g. by subscribers to check their account balance) in order to obtain a valid SIP user. Once they have the user they’ll bruteforce the PIN code, you’d be surprised how many times it’s the same as the SIP account number or simply a 4-digit number.
- Hacking in the VoIP internal network. Because VoIP companies are usually busy with their business they often overlook securing their infrastructure properly. Particularly young companies in emerging countries. Once inside their network VoIP hackers locate the subscribers’ database and either create a new ‘ghost’ account or extract credentials for existing accounts. We have seen such intrusions, some of them had also removed CDR records to evade detection.

]]> By: Dan York http://voipsa.org/blog/2007/03/12/phone-phreakers-steal-minutes/#comment-30417 Dan York Wed, 14 Mar 2007 14:34:34 +0000 http://voipsa.org/blog/2007/03/12/phone-phreakers-steal-minutes/#comment-30417 Dave, I, too, would be interested in more background about the stats and the actual method of compromise. I did, though, have a bit of a knee-jerk reaction that some of this may be hype from the firm quoted in the article, "Stealth Communications", because of the last paragraph: "<em>For protection, telecoms are turning to private VoIP networks, separate from the public Internet. More than 1,000 telecoms, including AT&T, SunRocket and China Telecom, now buy and sell minutes on a network owned by Stealth Communications. It carried more than 10 percent of all VoIP traffic last year, a sevenfold increase over 2005. That percentage is expected to keep growing.</em>" This, to me, does not exactly make them a neutral provider of statistics and information. I will be very interested to see if more concrete info from neutral sources can be found. Dan Dave,

I, too, would be interested in more background about the stats and the actual method of compromise. I did, though, have a bit of a knee-jerk reaction that some of this may be hype from the firm quoted in the article, “Stealth Communications”, because of the last paragraph:

For protection, telecoms are turning to private VoIP networks, separate from the public Internet. More than 1,000 telecoms, including AT&T, SunRocket and China Telecom, now buy and sell minutes on a network owned by Stealth Communications. It carried more than 10 percent of all VoIP traffic last year, a sevenfold increase over 2005. That percentage is expected to keep growing.

This, to me, does not exactly make them a neutral provider of statistics and information. I will be very interested to see if more concrete info from neutral sources can be found.

Dan

]]>