Mobifun’s Weblog

Do Fun with your Mobile….

VoIP Vandals

Internet telephone services like Skype and Vonage are starting to look less like digital gimmicks and more like the next generation of voice communication. They’re cheaper than traditional phone services and increasingly fast and reliable. But they may also be far more hackable.

In a series of presentations, Security professionals at the Black Hat conference in Las Vegas they demonstrated ways in which cybercriminals can eavesdrop on VoIP calls, steal data from Internet telephony devices, intercept credit card numbers from VoIP connections and shut connections down altogether.

Peter Thermos, chief technology officer of Palindrome Technologies, proved the point onstage: He played snippets of conversations recorded by snooping on VoIP calls, exploiting vulnerability in a common element in VoIP communications known as media gateway control protocol.

“Using this weakness in MGCP, you can do anything like reroute or tear down connections,” He said. “But eavesdropping is especially scary.”

Thermos also described an exploitable hole in ZRTP, one species of the VoIP language real-time transfer protocol: ZRTP encrypts all transmitted sounds, but not the numbers translated from tones. That means hackers can listen for credit card information communicated from touchtone phones.

Though the attacks on display were new, VoIP isn’t: Internet telephony has existed since the early ’90s. But Dempster says its increasing adoption hasn’t led to the patching of old bugs. In his presentation, he described how Asterisk, an open-source VoIP application, can be attacked using what he said was an “extremely basic” method known as a buffer overflow. “We point these problems out,” he said, “But the lessons aren’t being taken.”

New mobile devices are also drawing attention to VoIP problems. Krishna Kurapati, founder and chief technology officer of Sipera Systems, demonstrated vulnerabilities of several Wi-Fi devices at Wednesday’s presentations, crashing a Blackberry and a D-Link phone onstage by hacking their wireless Internet connections. He also simulated the theft of private data via VoIP from a laptop.

Advertisements

August 3, 2007 - Posted by | VoIP

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: