[VOIPSEC] Caller ID hacks and trust boundaries in the world of SIP

Johansson Olle E oej at edvina.net
Wed Jul 23 02:52:39 CDT 2008 

23 jul 2008 kl. 03.51 skrev Dan York:

> VOIPSEC readers,
>
> Some of you may have read in the press about Kevin Mitnick's
> demonstration at the Last HOPE conference over the weekend of a
> modification to Asterisk that allows blocked Caller ID to be
> displayed.  As I note in this lengthy post to the VOIPSA blog, it's
> really an issue related to where the "trust boundaries" are
> established as we continue in our ongoing work as an industry of
> blowing apart the network formerly known as the PSTN:
>
> http://voipsa.org/blog/2008/07/23/asterisk-hack-to-show-blocked-caller-id-points-to-larger-trust-issues-with-sip/
>
> If that URL breaks in your mail client, try: http://bit.ly/bl7xT
>
> I've already had it pointed out to me (thanks!) that SS7 has the
> basically identical "privacy bit" feature, but the SS7 trust boundary
> was such that this information wouldn't be passed to subscriber/
> customer equipment.  In our new world of SIP, those boundaries aren't
> yet established.


Well, the boundaries are well defined at the PSTN gateways where telcos
in many cases require a separate agreement for Caller ID trust. The  
problem
is that there's a lot of new kids on the block in the telco world,  
that doesn't handle
this properly and send blocked Caller IDs to all customers, with or  
without
the Caller ID presentation flag properly set.

In some countries, it's illegal to transmit the actual caller ID in  
signalling
when a customer has required privacy. It's only allowed withing the  
trust
boundary where telcos exchange traffic. There are many SIP providers
that use the phone number as the SIP account name. Even if the customer
requires blocked Caller ID, the phone number is transmitted in clear  
text
over Internet, which is a problem.

By implementing protocols like ISDN and SS7 in Open Source Asterisk is
exposing weaknesses in protocols and implementations of these
protocols in new ways. It's like the first days of an Internet where  
users
did not have to be trusted UNIX sysadmins with root access. That
exposed  problems with clear text passwords in protocols like
telnet and ftp. Asterisk is doing the same in the telco world. Time
to wake up, I guess.

I usually say that even with lousy MD5 authentication in SIP, we're  
still
far more secure than most ISDN connections. That's very worrysome.

/Olle

More information about the Voipsec mailing list