[VOIPSEC] VOIP Telephone exploitation

Ari Takanen voipsa at codenomicon.com
Sat Oct 17 14:51:19 CDT 2009 

Hi Bob,

In VoIP most problems are because vendors do not activate encryption
and key management by default. A plain SIP+RTP implementation is
always vulnerabile to a huge number of issues, for which there is not
really any other fix but to start using TCP and/or TLS for SIP, and
some type of encryption for RTP. Even if such functionality is
available, very few deployments actually use them. You get what you
deserve.

Regarding real, zero day threats in devices: trojans, and so on... The
only method to eliminate them is to fix the software. Fortunately VoIP
is one of the most active areas of fuzzing and zero day discovery. And
so is cell-phone fuzzing. If you take any software product for VoIP or
mobile communications that has not gone through fuzz testing, you will
easily find tens if not hundreds of zero day buffer overflow and
denial of service bugs. At least using our fuzzing tools. It is still
embarrassing even for me to demonstrate SBC or SIP-aware firewall
crashing from a zero-day buffer overflow test. You would think at
least the security vendors would finally get it.

Best regards,

/Ari


On Sat, Oct 17, 2009 at 09:48:57AM -0500, brolen wrote:
> Since the inception of your group, have you identified a clear cut strategy to detect, identify and guard against remote eavesdropping on a VOIP system such as the Cisco-IP phone.  In addition, what tests are being used to identify the activation of the remote maintenance or remote observation features.
> 
> I would certainly like to hear from some of your members regarding the defenses and protections for VOIP systems that a company can logically employ.
> 
> In addition, has anyone made any headway into the detection and removal of Trojans or rootkits on cellphones.  This appears to be a rather large effort for attacking devices such as I-phones, Blackberrys etc.
> 
> Thanks, 
> Bob Rolen
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

-- 
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Ari Takanen                       Codenomicon Ltd.
ari.takanen at codenomicon.com       Tutkijantie 4E
tel: +358-40 50 67678             FI-90570 Oulu
http://www.codenomicon.com        Finland
PGP: http://www.codenomicon.com/codenomicon-key.asc
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

More information about the Voipsec mailing list