VoIP vulnerabilities unveiled at Black Hat

Share this article:

VoIP phone systems, relying on so-called soft phone software, may have thousands of potential vulnerabilities, researchers at Sipera Systems said at the annual Black Hat conference this week in Las Vegas.

Sipera revealed a technique that allowed researchers to take remote control of a PC running VoIP and the Session Initiation Protocol (SIP).

SIP is an application-layer control protocol used to create, modify and terminate sessions in IP PBX s, VoIP and other technologies.

The company's VIPER Lab research unit was able to take command of a PC running a soft phone VoIP application and cross boundaries into the data stored on the system. It did so by injecting a buffer overflow with an executable during an SIP-initiated call, according to Eric Winsborrow, Sipera's chief marketing officer.

The researchers took advantage of flaws in VoIP and SIP, he said. SIP and soft clients, including software shipped with Microsoft's Office Communication Server (OCS), use TCP ports 5060 and 5061, which are always open, unlike HTTP, which opens and closes port 80 as necessary.

The always-on state creates the potential for data theft from a laptop running a soft phone, Krishna Kurapati, Sipera's founder and CTO, told SCMagazine.com. Notably, the vulnerabilities - Sipera said it has uncovered more than 20,000 potential issues within VoIP – aren’t detected or stopped by traditional anti-virus products, he added.

The flaw has ramifications as enterprises move beyond what Sipera called VoIP 1.0 – VoIP running on a company's internal wide-area networking (WAN) infrastructure – and onto the internet. That environment, which Sipera called VoIP 2.0, will allow remote employees to access the corporate network from PC-based soft phones.


In VoIP 2.0 systems, a PC with a soft phone taken over remotely via a vulnerability such as a buffer overflow could be used to open files or gain access to the data resources within an enterprise, Winsborrow said. This should be a "huge scare" for chief security officers, he added.

Click here to email West Coast Bureau Chief Jim Carr.

Click here for the latest SC Magazine Podcast – July 30, 2007: Is the iPhone an IT security threat?

 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.