http://www.theinquirer.net/default.aspx?article=41964

By Egan Orion
28 August 2007

IT'S REPORTED that Session Initiation Protocol (SIP) devices can be vulnerable to eavesdropping.

SIP is used by Voice over IP (VoIP) software and hardware to provide digital phone service directly over the Internet, thus bypassing the telcos' analog switched networks and related long-distance charges. Skype is a VoIP service that uses SIP, for one example, and many ISPs and third parties offer VoIP.

Telephones have long been used for eavesdropping, likely since the time of Alexander Graham Bell. There were very few secrets in most small towns, back when the telephone exchanges used wired plug-boards to connect parties and telephone operators could listen in to phone conversations at will.

As telephone infrastructures were slowly built out, many subscribers had "party lines" that were shared among several households and let the nosey people listen in to their neighbors' phone calls.

While eavesdropping is quite impolite, when it's done for adversarial purposes, it's called covert listening or more simply, bugging. (A page about bugging techniques is here.)

Late last year it surfaced that the FBI has used cellphones as "roving bugs", listening to conversations even when the targeted cellphones were turned off.

Now a post on the "full-disclosure" list has revealed that SIP devices can be similarly vulnerable to covert listening.

The Australian IT security firm Snnet Beskerming has written a commentary about the implications. It writes:

"The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone.

Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability. Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution board, though it's still illegal to do so."

It notes that the act of bugging a SIP device also operates as a Denial of Service attack.

Although an exploit has been publicly reported against only one vendor's SIP implementation, other vendors' software stacks might also be vulnerable.

Separate similar exploits that targeted Cisco SIP handsets with a Denial of Service attack and a buffer overflow attack against software from eCentrex have recently been publicly released, too.

So if you happen to use SIP-enabled VoIP services, beware. L'INQ

Snnet Beskerming
http://www.beskerming.com/commentary/2007/08/24/259/Listen_to_SIP_Phones_Even_When_They_are_on_the_Hook