[VOIPSEC] VOIP Just Another Way to Hack
Simon Horne
s.horne at packetizer.com
Fri Jul 6 01:21:41 BST 2007
Interesting article.
Experts: VOIP Just Another Way to Hack
http://www.dailypayload.com/2774
It is important to note from this article 2 specific vulnerabilities of SIP
which I mentioned previously
1. The malformed invite vulnerability
Which provides a hacker the ability to shutdown the most expensive VoIP
system at will with nothing more than a text editor and a perl script.
2. The registration vulnerability.
MD5 digest authentication has been proven to be very weak protection for a
person wishing to gain access to the system. With nothing more than the
SIPcrack program or even just a UDP dump, a hacker can break into a SIP
system without (in most cases) detection and can make money terminating
calls through to the enterprise PSTN.
Both of these vulnerabilities can be deemed critical. The first is being
addressed on a vendor by vendor basis however is the second even being
addressed?.
To make things worse, as I have mentioned before, any SPIT protection
system based on SIP Identity and that identity is allocated to the user by
a SIP server (and not by the UA directly) is susceptible to SIP Identity
theft as a hacker can exploit the registration vulnerability to steal
someone's identity. As in real life, once you identity is stolen and a
crime is committed (in this case SPIT) then it becomes extremely difficult
to clear your name. Making it just another potential vulnerability.
Simon
More information about the Voipsec
mailing list