SIP phone users - beware

01/09/2007 Written by Jakub Maslowski

phoneIf you fol­low news related to IT secu­rity then you already know that using VoIP ser­vices, that use SIP isn’t the safest way to guar­an­tee com­mu­ni­ca­tion for your home or com­pany. Ses­sion Ini­ti­a­tion Pro­to­col (SIP) devices can be vul­ner­a­ble to eaves­drop­ping. That’s a fact.

There are tons of hard­ware and soft­ware using SIP, and many of our and your inter­net providers are also using it. Let me explain how poten­tially harm­ful and dan­ger­ous this can be for us, the end-​users.

Eaves­drop­ping for adver­sar­ial pur­poses is the less dan­ger, and pos­si­bil­ity that this will hap­pen, is low. More pos­si­ble is, that these vul­ner­a­bil­i­ties will be used in espi­onage in indus­try, since these devices are well used in companies.

Another view is, that intel­li­gence and inves­ti­ga­tion agen­cies (like FBI) will use them to wire­tap com­mu­ni­ca­tion. More­over, full-​disclosure list brought in last days more inter­est­ing links and infor­ma­tions con­cern­ing SIP phones.

Sûn­net Beskerming (Aus­tralian IT firm) pub­lished com­ment about implications:

“The research that was pub­lished indi­cates that, for at least one ven­dor, it is pos­si­ble to auto­mat­i­cally call a SIP device from that ven­dor and have it silently accept the call, even if it is still on the hook — instantly turn­ing it into a clas­sic bugged phone. Whereas his­toric tele­phony bugs needed phys­i­cal tar­get­ing of the line run­ning to a prop­erty or place of busi­ness, the pres­ence of VoIP in the equa­tion allows bug­ging from any­where in the world with equal abil­ity. Now any­one can do from their arm­chair what only spies and law enforce­ment used to be able to do from inside the tele­phone switch /​pit /​dis­tri­b­u­tion board, though it’s still ille­gal to do so.”

It seems that SIP phones and devices are in heavy fire of many secu­rity researchers. Exploit for one vendor’s SIP has been posted on the net while ago. Cisco SIP devices are vul­ner­a­ble again DoS attacks. And more will for sure follow.

Share this content: