The Hacker News
reports that threat actors could remotely exploit now-addressed security vulnerabilities in Linphone and MicroSIP softphone software to enable client crashes and exfiltrate sensitive data through phone calls.
SySS GmbH researcher Moritz Abrell discovered that the softphones could be impacted by a SIP Digest Leak attack, which involves SIP INVITE message and "407 proxy authentication required" HTTP response status code delivery that would eventually result in the targeted softphone to respond with appropriate authentication data.
"With this information, the attacker is able to perform an offline password guessing attack, and, if the guessing attack is successful, obtain the plaintext password of the targeted SIP account. Therefore, this vulnerability in combination with weak passwords
is a significant security issue," said Abrell.
Meanwhile, the Linphone SIP stack was found to have a NULL pointer dereference flaw that could be set off through a delivery of a customized SIP INVITE request.
"The security level of SIP stacks still needs improvement," Abrell said.