[VOIPSEC] Vonage To Make 911 An 'Opt-Out' Option
Kirill Bolshakov
kirill at sjlabs.com
Fri May 13 18:32:00 BST 2005
Robert Moskowitz wrote:
> At 12:53 AM 5/13/2005, Candace Holman wrote:
>
>> Some locations don't provide traditional 911 access for VoIP, it just
>> connects to an out of band administrative line at the answer point.
>> They are supposed to make sure that the answer point is aware that
>> emergency calls may come in on that admin line. But in terms of
>> security, instead of having to go to the trouble of snipping your
>> phone or cable wires, with this in place a criminal attacker can just
>> hack your Vonage account to disable your emergency communication line.
>
>
> How does one hack a Vonage account?
>
> I can only think of three ways: Standard SSL MITM attacks (requires
> shared media), Keystroke capturing spyware, attacks against Vonage
> account server. Number 2 is the most vunerable, it would seem. And the
> attacker would typically be after things other than disabling emergency
> communications?
>
>
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W: 248-968-9809
> F: 248-968-2824
> VoIP: 248-291-0713
> E: rgm at icsalabs.com
>
> There's no limit to what can be accomplished if it doesn't matter who
> gets the credit
I would suggest considering a couple more ways of either getting into
the signaling path (for attacks on digest auth or for providing fake
servers) or obtaining the password:
If DNS is used, the attack may be mounted against the DNS server the
client is using. All SIP traffic gets redirected to the adversary's
server. Then setup a fake server (including fake emergency service),
mount an attack on digest auth, etc.
Using the achievements of the previous attack, or by simply calling the
user's UA, a PROTOS-like attack may be mounted against the UA software
implementation. In case there are flaws in the implementation, this will
lead to either DoS or remote control of the UA. In the latter case, an
attempt to fetch user's login/password is a natural step.
Regards,
Kirill
More information about the Voipsec
mailing list