VoIP systems: Challenges And Solutions Part 3 VoIP Security Issues
May 11, 2015
VoIP Security Issues
Call interception: One of the most commonly encountered problems with VoIP setups is data that passes through VoIP gateways are not encrypted by default. If a malicious attacker is able to find the source of the stream he is easily able to hijack the signal and listen in on all our conversations.The attacker only requires physical access to a LAN segment that the VoIP packets travel across. Most enterprises use Ethernet switches instead of hubs and this limits the number of locations that such an exploit is possible. Call interception is more of a risk if companies make use of unsecured wireless networks, this can be used to easily enter a corporate network and listen in on calls.
Denial of service attacks: A DoS attack causes the disruption of services by flooding the network with large amounts of data. This data can be of my forms but they all force the network from functioning properly. DoS attacks can be far more devastating if it is carried out by several thousands of computers, such an attack is called a DDoS.DDoS attacks may target different parts of the network however, if your VoIP infrastructure is directly connected to the main network it may be affected by the main DDoS attack. Denial of service attacks can cause several problems for VoIP sessions. Some DDoS attacks may not bring down the network itself but may cause severe traffic disruption due to increased latency and jitter in the network.Gulp tool can be used to create SIP flood that too more than 200mpbs from thousands of random sources consistently changing the SIP headers to avoid detection. The tool can also be used to send malformed or spoofed request to cause damages to SIP devices.
Exfiltration of data: Another major problem for enterprises is the exfiltration of confidential data from their networks. Attackers can make use RTP sessions to exfiltrate information from a corporate environment, since firewalls do not block VoIP traffic it becomes nearly impossible to stop such attacks.VoIP packets unlike data packets in other formats are much more difficult to scan for hidden content or data without introducing delay into the entire data stream. Exfiltration attacks are usually carried out by VoIP Trojans that send data out of the host system as an RTP stream.
Vishing: Voice phishing is practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward or confidential information. The term is a combination of “voice” and phishing.Voice phishing tricks the victim into trusting the caller. They may then inadvertently release sensitive information to the caller. Vishing is very similar to its counterpart in email. Due to its nature Vishing attacks are very difficult to mitigate, user awareness against such attacks are the best solution.Vishing is typically used to steal information such as credit card numbers or user information used in identity theft schemes. Some fraudsters utilize features facilitated by Voice over IP (VoIP), such as caller ID spoofing (to display a number of their choosing on the recipients phone line), and automated systems (IVR).
Spamming over Internet Telephony (SPIT): VoIP spam or SPIT (Spam over Internet Telephony) is the mass sending of automatically dialled pre-recorded phone calls using VoIP. These messages are sent to several victims hundreds of times. SPIT messages are similar to their telephone counterparts however they are much more difficult to monitor and mitigate.As Voice over IP systems make use of computer systems it easy extremely easy to send massive amounts of Voice spam to thousands of different VoIP users. VoIP technology also has many free and open source tools that are easily available (e.g. Asterisk and SIP). Such tools greatly simplify the job of the VoIP spammer. The main technology that is exploited to carry out SPIT attacks is the Session Initiation Protocol (SIP). SPIT attacks can be mitigated using a variety of techniques including:- Blacklisting and whitelisting possible spammers- Audio Captcha’s- Reputation systems- Consent based communication
Caller ID spoofing: Caller ID is used to identify the caller’s information. Some device has an inbuilt device while others need to attach an external device to identify the caller’s information. Having a caller ID doesn’t makes you to see the callers information, we need to call the service providers and request for caller ID service, sometimes these are optional services which comes for a price from the provider. Caller ID will contain the time of call, duration of call and caller’s information. There are different websites that are available which can be used to spoof calls. Some of these websites are limited to specific countries. By spoofing, the call will appear to us a legitimate call from the bank asking for confidential information which can further lead to data breaches.
Registration hijacking: When a user agent (IP phone) is plugged in to a VoIP network, it will try connecting to SIP server for registration and the phone is available for use after registration is done. Attackers impersonate the user agent and try to connect to the SIP server to become a part of the network. When registration is hijacked the calls intended for a particular user will be diverted to a rogue person and the entire VoIP network becomes messy. The fact that registration is hijacked is because the registration method used in VoIP is UDP rather than TCP and the authentication mechanism from user agent to server is very weak. Scanners (SiVus) are available to check the weakness of VoIP security and registration hijacking is one such exploit that can be carried out.
Viruses and malware: Nothing to say more on viruses and malware. Such actors can bring down the entire VoIP network down or abuse the VoIP usage. Malwares imposing as genuine software which leaks VoIP credentials or open a remote backdoor on the target are commonplace. Software phones are more vulnerable to such attacks.
As we continue with our series we would like to thank you for your interest. Please like us on Facebook if you like the content provided. Our 4th part to the series we will be going over the Countermeasure needed.
If you would like a free site survey and cost analysis please feel free to reach us at (210) 402-5455 or direct dial to (210) 538-9683.