|
|
VoIP phones officially buggable
2007-08-29
It's reported that Session Initiation Protocol (SIP) devices can be vulnerable to eavesdropping.
SIP is used by Voice over IP (VoIP) software and hardware to provide digital phone service directly over the Internet, thus bypassing the telcos' analog switched networks and related long-distance charges. Skype is a VoIP service that uses SIP, for one example, and many ISPs and third parties offer VoIP.
Telephones have long been used for eavesdropping, likely since the time of Alexander Graham Bell. There were very few secrets in most small towns, back when the telephone exchanges used wired plug-boards to connect parties and telephone operators could listen in to phone conversations at will. As telephone infrastructures were slowly built out, many subscribers had "party lines" that were shared among several households and let the nosey people listen in to their neighbors phone calls.
While eavesdropping is quite impolite, when it's done for adversarial purposes, it's called covert listening or more simply, bugging. (A page about bugging techniques is here.)
Late last year it surfaced that the FBI has used cellphones as "roving bugs", listening to conversations even when the targeted cellphones were turned off.
Now a post on the "full-disclosure" list has revealed that SIP devices can be similarly vulnerable to covert listening. The Australian IT security firm Sūnnet Beskerming has written a commentary about the implications. It writes:
"The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone. Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability. Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution board, though it's still illegal to do so."
It notes that the act of bugging a SIP device also operates as a Denial of Service attack.
Although an exploit has been publicly reported against only one vendor's SIP implementation, other vendor's software stacks might also be vulnerable. Separate similar exploits that targeted Cisco SIP handsets with a Denial of Service attack and a buffer overflow attack against software from eCentrex have recently been publicly released, too.
So if you happen to use SIP enabled VoIP services, beware.
By Egan Orion
|
|
|
|
VoIP Providers List Information |
|
|
|
If you have any constructive thoughts, creative ideas, or reasonable offers, please, contact us.
|
|
Send Email to Helen O'Neill if you have any questions either about this website, or about VoIP providers, or VoIP in general.
|
|
Send Email to our technical support if you have any technical queries.
|
About VoIP Providers List
VoIP Providers List services save time for companies searching both for information and interconnection partners, interested in voice minutes exchange, i.e. VoIP minutes termination and origination, as well as hardware and software trade. We provide information on interconnection services, VoIP hardware solutions and VoIP software , as well as overall situation in the VoIP industry.
VoIP Providers List is constantly moderated, and thus we can guarantee that any VoIP provider published in the web-based company catalogue has provided accurate details on its services and operations.
We are constantly working on improvement and development of our services. Your comments and proposals regarding the services are highly welcome. Please, do not hesitate to contact us providing with your ideas, opinion, and feed-back. We will be grateful for any information and useful links on Voice over IP, VoIP hardware, VoIP software, and VoIP Providers. |
|
|
|
|
VoIP Providers Statistics |
|
|
Providers in database: 3315
Users Online: 226
|
|
|
