VoIP Security Threats
May 19th, 2007 | by security |TryPot2 asked:
Voice over IP (VoIP) promises many benefits, but moving the phone service to an IP network can expose that service to a number of serious threats. This 10 minute podcast looks at just some of these threats.
GERARD
13 Responses to “VoIP Security Threats”
By TryPot2 on May 21, 2007 | Reply
Absolutely not!
Most of the attacks in the video use perfectly legal VoIP protocol messages, a standard Firewall (windows or otherwise) does little to block these messages.
By haccduder on May 23, 2007 | Reply
Loved the demo. I’m actually putting together a presentation about VoIP security issues for a class, but to actually see a few attacks carried out and the ease in which some were done really peaks my curiosity on the issue.
By blancoh on May 25, 2007 | Reply
why would it be the last thing a hacker thinks about? Eavesdropping on corporate secret conversations seems well worthy of doing. Remember statistically speaking most hacks are done internally possibly by employees themselves. To say this is the last thing a malicious person shows your ignorance. This video shows a real threat to businesses worldwide since the inception of VOIP.
By gurudeveloper on May 27, 2007 | Reply
1. “planting a trojan” == sitting on router.
2. “planting a trojan” is a threat itself , if a host compromised and there is a trojan, voip is one of the last things you should think about.
By TryPot2 on May 30, 2007 | Reply
Not all of the threats I demonstrate require capturing sniffer traces, but yes I could make a video based on monitoring email. This is a risk which is exactly why sensitive email needs to be encrypted. The reason for the Video is to highlight the risks of VoIP, I do not claim that there are no solutions.
By TryPot2 on Jun 1, 2007 | Reply
The assumption that you need to sit on your own router is wrong. Some of the attacks shown can be launched remotely. Even for those that require traffic monitoring can be done in other ways, for example planting a trojan on the target’s computer. The point of this video is to illustrate just some of the security threats that face VoIP networks, there are others. As for the comment that this is for people who don’t even know how SIP works in modern implementations, this is probably the majority.
By AwardConsulting on Jun 3, 2007 | Reply
Very useful information. Thank you for sharing this with people. Look forward to having tools to protect VOIP traffic.
By unaizu on Jun 6, 2007 | Reply
Hey I guess we are assuming a lot of things here.
Come on, you could also make a video where you capture sniffer traces of all the private emails and transactions from a company.
Going though the internet or a network doesn’t mean that you can sniff all the traffic or inject traffic on it, there are plenty of methods to avoid this happening!
of course if someone doesn’t configure the right security levels I guess is digging his/her own grave
.
By gurudeveloper on Jun 9, 2007 | Reply
Bullshit, you need to sit on router to perfom all those tricks , and if your router compromised , voip is the last thing you should think about.
This video affects those people who doesn’t know how SIP works in modern implementations (Asterisk, SER, Cisco etc). Damn! they even doesn’t know how switches work..
By TryPot2 on Jun 10, 2007 | Reply
The demos shown in the video use my own sip testing tools. These are not publicly available
By Bomzasss on Jun 12, 2007 | Reply
Please tell me what does he use for these commands and what are the commands!
By fofannet on Jun 12, 2007 | Reply
which tool is it to generate sip messages under windows ?
By sertacapanay on Jun 16, 2007 | Reply
very informative and useful video, thanks for sharing and thanks peter for making such a video. (would love to see the rest of it with how to prevent or at least make it more secure hehe free of course)