Tags softphone security

Sandro Gauci, Enable Security

11 million Euro loss in VoIP fraud .. and my VoIP logs

Published on Dec 14, 2010

And the attackers made over 1 million in profits. This just emerged from a raid (and hearing apparently) in Romania and other countries. The two main persons being fingered are Catalin Zlate and Cristian Ciuvat. It seems that they were scanning for PBX servers with phone extensions that have weak passwords. Then they abused these accounts to make phone calls for “free”, except that free has the price of 11 million EUR for the victims!…

Sandro Gauci, Enable Security

Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge

Lots going on right now. The following is a summary:

- Recurity Labs just published the jail-break for Cisco CallManager (CUCM) v7/8, which I had something to do with ;-)
- Will be presenting at Athcon on VoIP insecurities and cybercrime; drop me an email if you’ll be there
- TFTPTheft has been updated to support template filenames
- Will be posting more on TFTPTheft with use cases and examples

If you do have questions, drop me an email.…

Sandro Gauci, Enable Security

On breaking phonecall encryption and publishing fake research

Published on Feb 1, 2010

Recently, some “not so anonymous” security researcher posted research on a website called InfoSecurityGuard. It showed how he had broken the encryption provided by various mobile phone security products. Of course, this caught the eye of various journalists, who wrote about it without much consideration. So what did this researcher find out? The research focuses on the fact that once you get malicious software on a phone, you can listen in on the phone call even with encryption software in place, such as CellCrypt or Gold-Lock.…

Sandro Gauci, Enable Security

SIPtap and tapping phone calls

Published on Nov 24, 2007

“Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files.” - PC World

Contrary to what others may say, this is not exactly the latest threat. When traffic is not encrypted, it can be recorded by anyone in between and replayed later, and that includes VoIP. In fact, several tools that do the same thing as SIPtap (which is not publicly available for download) have been available for a while.…

Sandro Gauci, Enable Security

Server impersonation and SIP

Published on Oct 28, 2007

Was reading Sipera’s latest advisories. The server impersonation advisory caught my eye mostly because we’ve seen something similar to this over here during testing. We hadn’t published this information until now .. so here goes. A good number of SIP softphones, and we would assume VoIP phones (hardware), will ring upon receiving an INVITE request. Three months ago we worked on 3 stories, two of which describe protagonists abusing this behavior and are still unpublished.…

Sandro Gauci, Enable Security

XSS in Linksys SPA941

Published on Oct 12, 2007

Cross-site scripting in an IP phone? Of course - it has an HTTP interface! What’s more, the HTTP interface shows a call history. The call history page uses information gathered from the SIP messages themselves to display which numbers tried to call the phone. This post on the full-disclosure mailing list shows how this feature can be abused so that malformed SIP messages are able to inject HTML scripts into the web interface itself.…

Sandro Gauci, Enable Security

SIP softphone buffer overflow demo

Published on Aug 8, 2007

Someone was showing off a 0day exploit at Black Hat. The article is a bit sketchy and feels sensational, but it does show that various parties are concerned. Just like most other pieces of software, softphones will (and do) have security vulnerabilities that lead to remote access. Article can be found here. Hardphones, on the other hand, are secure.. right? :-p…