VoIP - Vulnerability over Internet Protocol
by Wil Allsopp - consultant at Secure Test - Monday, 22 March 2004.
Having discovered the vulnerabilities with regard to DoS attacks, tests then moved on to see whether the ARP spoofing attacks, specifically data interception, were possible. Any fan of spy films will know that telephone tapping is perfectly possible on traditional PSTN based phones. Since this usually requires a hardwire tap to be set into the PBX, however, this becomes a question of the physical security of the core infrastructure. Initial tests on VoIP phones, however, have shown that where data is not encrypted, it is relatively easy to intercept, listen-in on or record conversations on any phone, from any other phone point on the network. Worryingly, most of the commonly used VoIP phones do not encrypt traffic by default and currently, many do not even support the necessary protocols to make this possible.

Initial tests on the Cisco 7900 have proved that it is possible to carry out an ARP attack on a target phone which draws the data stream through the attackers' computer. As any conversation is transmitted in the clear using standard RTP (Real time Transfer Protocol), this can easily be decoded, listened in-on and recombined in real time, leaving the victim(s) none the wiser.

As researchers found it relatively simple to develop a tool to automate this process, it can safely be assumed that such tools are freely available on the Internet. This means that where VoIP handsets do not support the secure RTP protocol necessary to protect traffic (as with all current Cisco phones) it should be assumed that all communications could be intercepted.

All of the attacks outlined above are difficult to guard against as they work using the very essence of convergence; that you do not physically segregate the data network and the phone system. Even where separate IP networks are used, you can simply plug a PC in to the telephone network via the phone port. As one of the major advantages of VoIP is computer telephony integration (ie. screen pop-up with call information and multi-channel CRM systems) most hardware phones contain a built in switch to allow a PC and a phone to occupy the same port.

Looking beyond this, the increased sophistication of an IP based telephone network even makes it easier to create Trojans to carry out these and other attacks remotely. Secure Test most recent studies suggest that once a network has been infected, this makes is perfectly feasible to tap VoIP calls and carry out DoS attacks remotely from outside the company network.

Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //