Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen


Different Types of VoIP

• There are many different implementations of IP telephony:

– Skype
– MSN
– Firefly
– Cisco Office
– Asterisk


VoIP Technology

• Each type of VoIP uses different technology:

– Skype – Proprietary
– MSN – SIP
– Firefly – IAX
– Cisco – H.323, Skinny
– Asterisk – SIP, IAX2
– Others – MGCP

• Most of these do not have security built in, so they rely on network controls


Attacks Against VoIP

• Multiple attack avenues:

– Standard traffic capture attacks
– Traffic manipulation
– Dynamic configuration attacks
– Phone-based vulnerabilities
– Management interface attacks


Consequences of Attacks

• Eavesdropping and recording phone calls
• Active modification of phone calls
• Call tracking
• Crashing phones
• Denying phone service – Slammer?
• VoIP spamming
• Free calls
• Spoofing caller ID


Capturing VoIP Data

• Ethereal has built-in support for some VoIP protocols
• Has the ability to capture VoIP traffic
• Can dump some forms of VoIP traffic directly to WAV files
• Point and click hacking!


Audio Capture


VoIP Security Solutions

• You must protect the network traffic

– Separate data and voice traffic – VLANs
– Ensure IPsec or other VPN technology is used over WAN links
– IDS monitoring on the network – ARP inspection
– Host security
– VoIP-enabled firewalls
– Excellent guidelines in Cisco SAFE documentation

• Or wait for more secure protocols
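
The ARP inspection control listed above, sketched as an added example (not from the original slides): each ARP reply seen on a voice VLAN access port is checked against a trusted IP-to-MAC binding table, and mismatches are dropped and reported. The VLAN number, addresses, port names and the binding source are all assumptions made up for illustration.

```python
# Added example: ARP inspection for a voice VLAN, checked against a trusted
# IP-to-MAC binding table. All addresses and ports below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    vlan: int
    sender_ip: str
    sender_mac: str
    port: str

# Trusted bindings (assumption: built from DHCP leases or a static phone inventory).
BINDINGS = {
    (20, "10.20.0.1"): "00:11:22:00:00:01",   # voice gateway
    (20, "10.20.0.50"): "00:11:22:00:00:50",  # desk phone
}
TRUSTED_PORTS = {"Gi0/1"}  # uplink toward the gateway; not inspected

def inspect(reply):
    """Return (verdict, reason) for one ARP reply seen on a switch port."""
    if reply.port in TRUSTED_PORTS:
        return "permit", "trusted port"
    expected = BINDINGS.get((reply.vlan, reply.sender_ip))
    if expected is None:
        return "drop", "no binding for sender IP"
    if expected != reply.sender_mac.lower():
        return "drop", f"MAC mismatch for {reply.sender_ip}: expected {expected}"
    return "permit", "binding matches"

def alerts(replies):
    """Collect dropped replies so the IDS can report them."""
    out = []
    for r in replies:
        verdict, reason = inspect(r)
        if verdict == "drop":
            out.append((r.port, r.sender_ip, r.sender_mac, reason))
    return out

SAMPLE = [  # constructed ARP replies
    ArpReply(20, "10.20.0.50", "00:11:22:00:00:50", "Gi0/5"),  # phone, legitimate
    ArpReply(20, "10.20.0.1", "00:11:22:00:00:01", "Gi0/1"),   # gateway on uplink
    ArpReply(20, "10.20.0.1", "DE:AD:BE:EF:00:99", "Gi0/7"),   # gateway IP claimed from an access port
    ArpReply(20, "10.20.0.77", "00:11:22:00:00:77", "Gi0/8"),  # unknown host on voice VLAN
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE):
        print("ARP inspection drop:", alert)
```

A reply that claims the gateway's IP from an access port is the case that matters most here, since it is what lets another host sit in the path of voice traffic.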


Skype – What Is It?

• Proprietary VoIP system for calls over the Internet
• Free and simple to use
• Developed by the creators of KaZaA
• Relies on P2P technology
• Over 29 million users worldwide
• Allows connections to regular phones through SkypeOut


Skype Connection Details

• Listens on a random port, 80 and 443
• Connects to known Supernodes stored in the registry
• Must establish connection with login server to authenticate
• NAT and firewall traversal
• Any Skype client with an Internet IP address and suitable bandwidth/CPU may become a Supernode


Skype Architecture

Ref: "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol", Salman A. Baset and Henning Schulzrinne


Skype Call Security

• Skype claims to encrypt all voice traffic with 128-bit or better encryption

• The encryption implementation used is proprietary and closed-source

• It is unknown whether the Skype organisation has the ability to decrypt all voice traffic


Other Skype Security Concerns

• Same developers as KaZaA, known for spyware
• Cannot stop client becoming a Supernode
• Client allows file transfer, even through firewalls: an access path for malicious code and information leakage

• Login server reliance


Should You Use Skype?

• If you can answer yes to four questions:

– Are you willing to circumvent the perimeter controls of your network?

– Do you trust the Skype developers to implement security correctly (being closed-source)?

– Do you trust the ethics of the Skype developers?

– Can you tolerate the Skype network being unavailable?


Other VoIP Issues – Commercial Caller ID Spoofing

• Multiple companies are now offering caller ID spoofing:

– CovertCall
– PI Phone
– Star38
– Us Tracers
– Camophone
– Telespoof

• Makes social engineering a lot easier
• Many systems authenticate on CID


Other VoIP Issues – New Attack Tools

• New tools make finding vulnerabilities easier

– SIP Bomber
– PROTOS Test-Suite
– SiVuS


Good Sites For Learning More

• Some good links for learning more about VoIP

– http://www.voip-info.org/tiki-index.php?page=voip-info.org

– http://www.vopsecurity.org/index.php