Feeds

back to article 2008 - the year VoIP gets hacked?

With VoIP rapidly becoming a commodity feature in everything from TV set-top boxes to barcode scanners, Sipera's VIPER Lab predicts that 2008 will be the year it all goes pear-shaped - a prediction borne out by Cisco's first security fix of the year. VIPER reckons that denial of service attacks and eavesdropping, using hacked …

COMMENTS

This topic is closed for new posts.
Silver badge

Never mind the hacker....

beware the BOFH!!

0
0
Coat

And i ask myself......

"Fixed/Mobile convergence is also suggested as a security weakness, with telecos connecting their systems to IP networks but lacking the skills to maintain the security of such connections.".

..............would it help if we tatooted "Security" on their noses before they think of coming up with anything that has an IP address.

Brrrr its chilly out there, Taxi!!!!!!

0
0
Boffin

Free Telecom

"Fixed/Mobile convergence is also suggested as a security weakness, with telecos connecting their systems to IP networks but lacking the skills to maintain the security of such connections."

Bingo on this one for french provider Free Telecom, and their unsupported SIP service (not so unsupported since it's the only way to have their Black and White phone work ! Read on here (in Voltaire language):

- http://www.freephonie.org/topic3319.html

And this was half a month ahead of 2008. Rumours have it they restricted the SIP service to non-international after they realised some smart ass in their Morocco support teams had stolen SIP credentials from Free customers, to use them as a free tunnel to backcharge calls to their "customers".

Don't look for Free Telecom words on this, as they have yet, 2 months after the incident, to say anything about it.

0
0
Silver badge
Boffin

Some solution

Avoid 3rd party VOIP. If your own (real, not resold wholesale) ISP has VOIP, own voice gateway and ATA direct on WAN without useraccessible IP (typically on a 10.xxx.xxx.xxx inaccessible to users or Internet) then you likely have better QOS and better (total?) security.

If none of the network carrying the VOIP is accessible to the Internet, how can it be hacked.

Cable, Fibre, LLU based ATA/VOIP, and Digiweb Metro all tend to have this model of VOIP. It means no direct URI PC to PC calls, only calls to/from real numbers, though usually calls are free within and ISP and for PC to PC you can always revert to Skype...

0
0
Unhappy

already being done

2008 is the year , huh?

VoIP has been hacked for many years now - I've regularly shown folk with little/no understanding of the risk a nice VoIP call being grabbed and then replayed (in pseudo stereo with one caller coming out of left speaker and t'other out of right) - this is on proper switched networks - wifi ones are just as fun!

seriously, you NEED end-to-end encryption as a bare minimum.

0
0
Silver badge
Boffin

@Mage

"If none of the network carrying the VOIP is accessible to the Internet, how can it be hacked[?]"

Umm...by anyone on the inside?

More to the point, how can you be sure none of the network is accessible to the internet? Even if your IP phone has an internal address, its gateway is likely be one port on a large router which also routes (and hence is accessible to) Internet traffic. It doesn't even need to be on the router; any device on that 10. network could have a second port on a public network.

An internal IP address is no guarantee of security.

0
0
Flame

Re: Some solution

>If none of the network carrying the VOIP is accessible to the Internet, how can it be hacked.

You are making the fatal error of assuming that all ISP customers are honest. Back when I ran networks a lot of the port-probes and hack attempts would come from within the ISP that we were using - and quite a few of them from corporate IP ranges.

And lets not discount cracks by the ISP staff themselves..

0
0

SIP security

provided you /the ITSP are using SIP............... and most decent ITSP's should be by now or at least looking to move towards SIP....... many of the technical issues have already been solved by iptego.

Of course if someone is willing to hand over personal information to anyone who asks......... that's up to them

rygbi

0
0
This topic is closed for new posts.