[VOIPSEC] VOIP Telephone exploitation

Dorgham Sisalem sisalem at iptel.org
Mon Oct 19 09:27:52 CDT 2009


Also, while encryption is surely a nice thing to have, it would 
already be a great step forward if VoIP phones had some kind of 
filtering mechanism that would enable them to accept SIP traffic only 
from the IP address of their proxy server. Everything else would 
be dropped. Sure, an attacker can spoof IP addresses, but this is not 
always possible and would require attackers to do some more work.

cheers

Rubino, Mark (Mark) wrote:
>  
>
> While I agree that encryption would be the way to go I also agree it is
> difficult to deploy and expensive to maintain for the majority of VoIP
> users other than the largest and more capable of end users. 
>
> Check the VoIPSA Resources and the web for general information regarding
> securing VoIP. I recommend contacting your specific vendor for their
> VoIP security best practices regarding secure network design (regardless
> of encryption). From what I have seen the security deployed for a
> particular VoIP system is dependent on the equipment involved, the
> overall network design and cost.
>
> Regarding the Cisco phones 'remote monitoring' ability, is there any
> additional data on this - is it skinny, H323 or SIP protocol based Cisco
> phones? I don't suppose anyone would have a trace for review? Going out
> on a limb I would suggest investigating means to alert on one-way VoIP
> streams...
>
>
>
> Regards,
> Mark 
>  
>
> -----Original Message-----
> From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
> Behalf Of voipsec-request at voipsa.org
> Sent: Sunday, October 18, 2009 7:00 AM
> To: voipsec at voipsa.org
> Subject: Voipsec Digest, Vol 58, Issue 4
>
>
> Today's Topics:
>
>    1. VOIP Telephone exploitation (brolen)
>    2. Re: VOIP Telephone exploitation (Ari Takanen)
>    3. Re: VOIP Telephone exploitation (Jerome Athias)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 17 Oct 2009 09:48:57 -0500
> From: "brolen" <brolen at mindspring.com>
> To: <voipsec at voipsa.org>
> Subject: [VOIPSEC] VOIP Telephone exploitation
> Message-ID: <B8F0106AB1784A84928B392635EC05D4 at Office>
> Content-Type: text/plain;	charset="iso-8859-1"
>
> Since the inception of your group, have you identified a clear cut
> strategy to detect, identify and guard against remote eavesdropping on a
> VOIP system such as the Cisco-IP phone.  In addition, what tests are
> being used to identify the activation of the remote maintenance or
> remote observation features.
>
> I would certainly like to hear from some of your members regarding the
> defenses and protections for VOIP systems that a company can logically
> employ.
>
> In addition, has anyone made any headway into the detection and removal
> of Trojans or rootkits on cellphones.  This appears to be a rather large
> effort for attacking devices such as I-phones, Blackberrys etc.
>
> Thanks,
> Bob Rolen
>
> ------------------------------
>
> Message: 2
> Date: Sat, 17 Oct 2009 22:51:19 +0300
> From: Ari Takanen <voipsa at codenomicon.com>
> To: brolen <brolen at mindspring.com>
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] VOIP Telephone exploitation
> Message-ID: <20091017195119.GC6819 at codenomicon.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi Bob,
>
> In VoIP most problems are because vendors do not activate encryption and
> key management by default. A plain SIP+RTP implementation is always
> vulnerable to a huge number of issues, for which there is not really
> any other fix but to start using TCP and/or TLS for SIP, and some type
> of encryption for RTP. Even if such functionality is available, very few
> deployments actually use them. You get what you deserve.
>
> Regarding real, zero day threats in devices: trojans, and so on... The
> only method to eliminate them is to fix the software. Fortunately VoIP
> is one of the most active areas of fuzzing and zero day discovery. And
> so is cell-phone fuzzing. If you take any software product for VoIP or
> mobile communications that has not gone through fuzz testing, you will
> easily find tens if not hundreds of zero day buffer overflow and denial
> of service bugs. At least using our fuzzing tools. It is still
> embarrassing even for me to demonstrate SBC or SIP-aware firewall
> crashing from a zero-day buffer overflow test. You would think at least
> the security vendors would finally get it.
>
> Best regards,
>
> /Ari
>
>
> On Sat, Oct 17, 2009 at 09:48:57AM -0500, brolen wrote:
>> Since the inception of your group, have you identified a clear cut
>> strategy to detect, identify and guard against remote eavesdropping on a
>> VOIP system such as the Cisco-IP phone.  In addition, what tests are
>> being used to identify the activation of the remote maintenance or
>> remote observation features.
>>
>> I would certainly like to hear from some of your members regarding the
>> defenses and protections for VOIP systems that a company can logically
>> employ.
>>
>> In addition, has anyone made any headway into the detection and
>> removal of Trojans or rootkits on cellphones.  This appears to be a
>> rather large effort for attacking devices such as I-phones, Blackberrys
>> etc.
>>
>> Thanks,
>> Bob Rolen
>> _______________________________________________
>> Voipsec mailing list
>> Voipsec at voipsa.org
>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> --
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> Ari Takanen                       Codenomicon Ltd.
> ari.takanen at codenomicon.com       Tutkijantie 4E
> tel: +358-40 50 67678             FI-90570 Oulu
> http://www.codenomicon.com        Finland
> PGP: http://www.codenomicon.com/codenomicon-key.asc
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 18 Oct 2009 10:57:17 +0200
> From: Jerome Athias <jerome.athias at free.fr>
> To: brolen <brolen at mindspring.com>
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] VOIP Telephone exploitation
> Message-ID: <1255856237.21227.27.camel at juzam>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
>
> crypto on Cisco phones is easily breakable.
> The problem is that it couldn't be released because it should be
> impossible for Cisco to update the firmwares, and releasing this stuff
> would be a nightmare for companies using it.
>
> /JA
>
> On Saturday 17 October 2009 at 09:48 -0500, brolen wrote:
>> Since the inception of your group, have you identified a clear cut
>> strategy to detect, identify and guard against remote eavesdropping on a
>> VOIP system such as the Cisco-IP phone.  In addition, what tests are
>> being used to identify the activation of the remote maintenance or
>> remote observation features.
>>
>> I would certainly like to hear from some of your members regarding the
>> defenses and protections for VOIP systems that a company can logically
>> employ.
>>
>> In addition, has anyone made any headway into the detection and
>> removal of Trojans or rootkits on cellphones.  This appears to be a
>> rather large effort for attacking devices such as I-phones, Blackberrys
>> etc.
>>
>> Thanks,
>> Bob Rolen
>
>
>
>
> ------------------------------
>
>
>
> End of Voipsec Digest, Vol 58, Issue 4
> **************************************
>
>   
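
The two monitoring ideas raised in this thread (accepting SIP only from the proxy's IP address, and alerting on one-way VoIP streams) can be checked against packet summaries as sketched below. This is an added example, not part of the original messages; the addresses, ports, tuple layout, function names and the 50-packet threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed packet summaries (not a real capture):
# (src_ip, src_port, dst_ip, dst_port, kind) with kind "sip" or "rtp".
PROXY = "192.0.2.10"      # assumed SIP proxy address
PHONE = "198.51.100.21"   # assumed phone address
SAMPLE = (
    [(PROXY, 5060, PHONE, 5060, "sip")] * 3
    + [("203.0.113.77", 5060, PHONE, 5060, "sip")]         # SIP not from the proxy
    + [(PHONE, 16384, "192.0.2.50", 20000, "rtp")] * 60     # normal call, one leg
    + [("192.0.2.50", 20000, PHONE, 16384, "rtp")] * 58     # normal call, return leg
    + [(PHONE, 16390, "203.0.113.77", 40000, "rtp")] * 75   # audio leaving, nothing back
)

def sip_outside_proxy(packets, phone_ip, proxy_ip):
    """SIP packets addressed to the phone whose source is not its proxy."""
    return [p for p in packets
            if p[4] == "sip" and p[2] == phone_ip and p[0] != proxy_ip]

def one_way_rtp(packets, min_packets=50):
    """RTP flows with at least min_packets one way and none the other way.

    Assumes symmetric RTP: the return stream uses the same address/port pair.
    """
    counts = defaultdict(int)
    for src, sport, dst, dport, kind in packets:
        if kind == "rtp":
            counts[(src, sport, dst, dport)] += 1
    alerts = []
    for (src, sport, dst, dport), n in counts.items():
        # .get() does not create missing keys, so iteration stays safe
        reverse = counts.get((dst, dport, src, sport), 0)
        if n >= min_packets and reverse == 0:
            alerts.append({"from": f"{src}:{sport}",
                           "to": f"{dst}:{dport}", "packets": n})
    return alerts

if __name__ == "__main__":
    for p in sip_outside_proxy(SAMPLE, PHONE, PROXY):
        print("SIP from non-proxy source:", p[0])
    for a in one_way_rtp(SAMPLE):
        print("one-way RTP:", a)
```

Legitimate one-way media such as music on hold or announcements will also match, so alerts need review against known media servers.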



