Tags › softphone security
11 million Euro loss in VoIP fraud .. and my VoIP logs
Published on Dec 14, 2010 in cyber crime, softphone security, voip security
And the attackers made over 1 million in profits. This just emerged from a raid (and hearing apparently) in Romania and other countries. The two main persons being fingered are Catalin Zlate and Cristian Ciuvat. It seems that they were scanning for PBX servers with phone extensions that have weak passwords. Then they abused these accounts to make phone calls for “free”, except that free has the price of 11 million EUR for the victims!…
Read more »Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge
Published on Jun 1, 2010 in conferences, voip security, cyber crime, softphone security, tftp theft
Lots going on right now. The following is a summary: Recurity Labs just published the jail-break for Cisco CallManager (CUCM) v7/8 which I had something to do with ;-) Will be presenting at Athcon on VoIP insecurities and cybercrime- drop me an email if you’ll be there TFTPTheft has been updated to support template filenames Will be posting more on TFTPTheft with use cases and examples. If you do have questions, drop me an email.…
Read more »On breaking phonecall encryption and publishing fake research
Published on Feb 1, 2010 in softphone security, cyber crime
Recently, some “not so anonymous” security researcher posted research on a website called InfoSecurityGuard. It showed how he had broken the encryption provided by various mobile phone security products. Ofcourse this caught the eyes of various journalists who wrote about this without much consideration. So what did this researcher find out? The research focuses on the fact that once you get malicious software on a phone, you can listen on the phonecall even with encryption software in place, such as CellCrypt or Gold-Lock.…
Read more »SIPtap and tapping phone calls
Published on Nov 24, 2007 in sip security, softphone security
“Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files.” - PC World Unlike what others may say, this is not exactly the latest threat. When traffic is not encrypted, it can be recorded by anyone in between and later on replayed; and that includes VoIP. In fact several tools have been available for a while which are able to do the same thing that SIPtap (which is not publicly available for download) does.…
Read more »Server impersonation and SIP
Published on Oct 28, 2007 in caller-id spoofing, softphone security
Was reading Sipera’s latest advisories. The server impersonation advisory caught my eye mostly because we’ve seen something similar to this over here during testing. We hadn’t published this information until now .. so here goes. A good number of SIP softphones, and we would assume VoIP phones (hardware), will ring upon receiving an INVITE request. Three months ago we worked on 3 stories, two of which describe protagonists abusing this behavior and are still unpublished.…
Read more »XSS in Linksys SPA941
Published on Oct 12, 2007 in softphone security, sip security
Cross Scripting in an IP Phone? Of course - it has an HTTP interface! What’s more is that the HTTP interface shows a call history. The call history page makes use of information gathered from the SIP messages themselves to display which numbers tried to call the phone. This post on full-disclosure mailing list shows how this feature can be abused so that malformed SIP messages are able to inject html scripts in the web interface itself.…
Read more »SIP softphone buffer overflow demo
Published on Aug 8, 2007 in softphone security, conferences
Someone was showing off a 0day exploit at Black Hat. The article is a bit sketchy and feels sensational, but it does show that various parties are concerned. Just like most other pieces of software, softphones will (and do) have security vulnerabilities lead to remote access. Article can be found here. Hardphones, on the other hand, are secure.. right? :-p…
Read more »