Sticking your head above the parapet and talking about security threats on Voice- Over-IP (VoIP) networks is a dangerous business. Peter Cox discusses his proof-of-concept VoIP hacking tool.
A recent Techworld news story on SIPtap, a proof-of-concept demonstrator I wrote to illustrate the problem of VoIP call eavesdropping, resulted in a flurry of postings accusing me of scaremongering. Most of the negative comments fell into one of three categories. Firstly that the eavesdropping threat would work only if encryption and other security controls were turned off; secondly that the issue of VoIP security was well understood; thirdly that securing VoIP network is really just the same as securing any other IP application. One posting included the comment:
“Many of the [VoIP] security precautions should already be in place if your network and IT environment is secure.”
On the plus side, the article generated as many positive comments thanking me for highlighting the eavesdropping threat.
So what is the reality? Are such stories just hype or are there a set of threats and risks unique to VoIP protocols and applications that merit special attention? To answer this it is necessary to draw some comparisons between VoIP and other network applications.
VoIP as its name suggests runs on an IP network. This means that it shares a common set of security threats and vulnerabilities with other IP applications such as web and email. These threats and vulnerabilities include all the IP network level threats that web masters and email administrators deal with on a daily basis; threats which are addressed with standard network security technologies and good network design.
In addition to this set of network level threats VoIP applications also face a set of protocol and application specific threats and a set of content related threats.
The protocol and application specific threats stem from the design and implementation of the protocols and the services that VoIP applications deliver. VoIP protocols are complex. This is partly because VoIP aims to provide a real time communication service on an IP network and partly because VoIP protocols have to provide an interface to the standard phone system and mirror some of the features and facilities we have become dependent on after a lifetime’s use of both fixed and mobile phone services.
In addition virtually all VoIP applications provide a rich set of non-voice services such as video conferencing, presence services (providing information on a person’s availability and indicating the best contact options) and even Instant Messaging and paging services. Protocol and application threats include a range of flooding attacks and call disruption threats. Disruption threats include call termination attacks were a malicious attacker can simply cut-off a call and hijacking attacks where an attacker can take over a call. Many of these VoIP application specific threats have no direct analogue in any other network application.
Content related security threats affect the “content” of a VoIP call; a person to person call, a voice conference call or a video call. The threats in this category include simple unauthorised call monitoring or eavesdropping (as demonstrated in my SIPtap utility) and hijacking or injection threats where an attacker takes over a call or injects a voice or video stream to obscure or replace the original conversation. While VoIP content related threats have their analogues in email and web, for example email spam and malicious or inappropriate web content, the technologies behind a VoIP hijack or injection are clearly different from those technologies responsible for email spam and malicious web content.