Black Hat Highlights VoIP Vulnerabilities
Written by Adam Gosling   
Tuesday, 07 August 2007
A keynote given by security researchers from iSec Partners at the Black Hat conference in Las Vegas has shown exploits capable of compromising H.323 and IAX, with the group also posting tools on its website which demonstrate the crack.

According to several reports, including this one, the keynote detailed half a dozen ways to compromise VoIP systems based on H.323 and the open source Asterisk protocol IAX (Inter-Asterisk eXchange). H.323 is a VoIP protocol supported by leading enterprise IP telephony vendors Cisco and Avaya.

"There are a lot of known problems with SIP, but we're here to say H.323 and IAX are just as bad," Dwivedi is reported as saying.

One crack involved sniffing an H.323 authentication exchange and then doing an offline brute force attack to crack the encryption and deduce the password required by the system. While a time stamp is supposed to impose a time limit on the authentication process, in practice this is usually kept valid for up to an hour after it is first used, giving an attacker plenty of time to decrypt a workable password.

In another attack, the open source IAX was attacked using denial-of-service in such a way that the phone was forced to hang up or be placed on hold.

The presenters, Himanshu Dwivedi and Zane Lackey, said their intention was to demonstrate that it was not only the standards-based SIP (Session Initiation Protocol) that contained vulnerabilities.

SIP got its share of criticism too, though. According to this report, a personal computer with a SIP-based softphone can be compromised with a buffer overflow attack.

A technique outlined by researchers at Sipera Systems injected an executable during a SIP-initiated call. Once the target PC was compromised, the attacker would then be at liberty to access information on it or even to gain access to data resources within an enterprise.

The researchers took advantage of flaws in VoIP and SIP, said Eric Winsborrow, Sipera's chief marketing officer. These flaws exist in clients such as the one which ships with Microsoft's Office Communication Server. These clients use TCP ports 5060 and 5061, which are always open, unlike which opens and closes port 80 as necessary, says the report.

In fact Sipera claimed to have identified more than 20,000 potential issues within VoIP which are not detected or stopped by traditional anti-virus software.
