Tricking SIP Endpoints Into Divulging Authentication Credentials

March 31st, 2009 by Dustin D. Trammell

This is a neat trick. By doing a little up-front scanning and/or guesswork, an attacker can send an INVITE directly to a SIP user agent, causing the device to ring. Then, when the user agent issues the BYE message to hang up, the attacker can respond with a 407 Proxy Authentication Required message, causing the endpoint to respond with its authentication credentials, essentially handing them directly to the attacker.

The page linked above indicates that this attack is currently implemented in the VoIP Pack for CANVAS, so it’s essentially packaged and ready to use for you CANVAS users.  You can see a video of this being used in CANVAS here.  I would expect to see this credential-harvesting attack in other exploitation frameworks or stand-alone tools shortly…
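A defender-side check for the message sequence described in this post, written as an added example that is not part of the original post or of any tool it mentions: it flags an INVITE sent straight to the endpoint, an authentication challenge to a BYE from a peer that is not the configured proxy, and any credentials the endpoint then sends back. The proxy and endpoint addresses, the function names and the sample messages are constructed assumptions.

```python
import re

TRUSTED_PROXIES = {"192.0.2.10"}  # assumption: the endpoint's configured SIP proxy
LOCAL = "192.0.2.50"              # assumption: the monitored endpoint's address

# Constructed sample traffic: (src_ip, dst_ip, raw SIP message)
SAMPLE = [
    ("203.0.113.7", LOCAL,
     "INVITE sip:100@192.0.2.50 SIP/2.0\r\nCall-ID: abc1\r\nCSeq: 1 INVITE\r\n\r\n"),
    (LOCAL, "203.0.113.7",
     "BYE sip:x@203.0.113.7 SIP/2.0\r\nCall-ID: abc1\r\nCSeq: 1 BYE\r\n\r\n"),
    ("203.0.113.7", LOCAL,
     "SIP/2.0 407 Proxy Authentication Required\r\nCall-ID: abc1\r\nCSeq: 1 BYE\r\n"
     'Proxy-Authenticate: Digest realm="example", nonce="constructed"\r\n\r\n'),
    (LOCAL, "203.0.113.7",
     "BYE sip:x@203.0.113.7 SIP/2.0\r\nCall-ID: abc1\r\nCSeq: 2 BYE\r\n"
     'Proxy-Authorization: Digest username="100", response="constructed"\r\n\r\n'),
]

def header(msg, name):
    """Return the value of the first header called `name`, or None."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.*?)\r?$", msg, re.I | re.M)
    return m.group(1).strip() if m else None

def detect_digest_leak(packets, trusted=TRUSTED_PROXIES, local=LOCAL):
    """Return (alert, peer_ip, call_id) tuples in the order they were seen."""
    alerts, challenged = [], set()
    for src, dst, msg in packets:
        start = msg.split("\r\n", 1)[0]
        call_id = header(msg, "Call-ID")
        cseq = (header(msg, "CSeq") or "").split()
        method = cseq[-1].upper() if cseq else ""
        if start.startswith("SIP/2.0"):
            # A 401/407 answering our BYE should only ever come from our proxy.
            status = start.split()[1]
            if status in ("401", "407") and method == "BYE" and src not in trusted:
                challenged.add((call_id, src))
                alerts.append(("challenge_from_untrusted_peer", src, call_id))
        elif start.startswith("INVITE ") and dst == local and src not in trusted:
            alerts.append(("direct_invite", src, call_id))
        elif (header(msg, "Proxy-Authorization") or header(msg, "Authorization")) \
                and (call_id, dst) in challenged:
            # The endpoint answered the challenge: credentials left the device.
            alerts.append(("credentials_sent_to_untrusted_peer", dst, call_id))
    return alerts

if __name__ == "__main__":
    for alert in detect_digest_leak(SAMPLE):
        print(alert)
```

The same condition is the mitigation on the endpoint side: accept INVITEs and answer authentication challenges only when they come from the configured proxy.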

One Response to “Tricking SIP Endpoints Into Divulging Authentication Credentials”

  1. How to exploit the SIP Digest leak - a tutorial « EnableSecurity Says:

    [...] because there’s been quite some buzz on this on Twitter and some VoIP security blogs. The VOIPSA post explains that this is available to CANVAS users. Check out the VOIPPACK page for more information. [...]
