This is a neat trick. By doing a little up-front scanning and/or guesswork, an attacker can send an INVITE directly to a SIP user agent, causing the device to ring. Then, when the user agent issues the BYE message to hang-up, the attacker can respond with a 407 Proxy authorization required message, causing the endpoint to then respond with it’s authentication credentials, essentially handing them directly to the attacker.
The page linked above indicates that this attack is currently implemented in the VoIP Pack for CANVAS, so it’s essentially packaged and ready to use for you CANVAS users. You can see a video of this being used in CANVAS here. I would expect to see this credential-harvesting attack in other exploitation frameworks or stand-alone tools shortly…
If you are a LinkedIn user (as I am), there is now a “UC Security” group that you can join. The description of the group is:
Unified Communications is blurring the boundaries between Voice, Video and Data networks. As such, security threats that used to be in islands are now easily traversing across the network boundaries. UC Security provides a forum for people to share the common security issues around UC.
I can see that several of the “usual characters” in our security circles are already members of the group.
As we mentioned back in July, there is also a VOIPSA group on LinkedIn which you are welcome to join as well.
I am still not personally entirely sold on the value of LinkedIn groups, but I do have to admit that some of the discussions have in fact been useful and interesting. If you are a LinkedIn user, you may want to check out these groups and join in the discussions (or at least promote the existence of the groups through having them on your LinkedIn profile).
security, uc, unifiedcommunications, voip, voipsecurity, voipsa, linkedin
HD Moore of Metasploit Project fame has just released a new set of free War Dialing tools called WarVOX. What makes these new tools so interesting is that they leverage VoIP service providers to scan and analyze hundreds of phone numbers, finding modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders much much faster than any modem ever could. Check out the WarVOX screenshots which show the interface and slick reporting features.