It’s Just Not Meant To Be Open

At Spring VON Europe, Ari Takanen said something very interesting about security of legacy interfaces in the panel session on The Real Risks of VoIP Security. In the discussion of established phone networks versus VoIP or next generation networks, he pointed out that “some interfaces are not designed to be open”, and therefore these can be particularly vulnerable to attack if for some reason that interface does get revealed. Ari gave the example of MGCP, the protocol that allows control of media gateways used in the PSTN.

MGCP is a functional interface that allows an application, or controller, to remotely instruct a media gateway how to handle a call, for example play a tone or voice prompt, perhaps wait for DTMF input. MGCP is designed for a tight relationship between controller and media gateway, but in its very design it is assumed that both components are secure inside a carrier’s network, and so security of the interface is a secondary concern. This means that should an ‘evil’ application get access to the MGCP interface, it can perform DoS attacks and other mayhem, and disrupt the operation of essential services, for example IVRs and prepay services.

As we transition from legacy PSTN (SS7) networks to NGN, there are going to be some shocks along the way. PSTN networks are closed today, with all the signalling hidden behind borders that potential hackers have no access too. However, as tools like SIGTRAN make telcos more-and-more embrace the TCP/IP world, all sorts of interfaces that should be concealed will from time-to-time offer new opportunities for hackers to try. We don’t have to switch the whole system over to SIP before enhanced security for telephony should be on the agenda.