[VOIPSEC] Cisco 7920 wireless IP Phones
David Elbel
david.elbel at gmail.com
Thu May 26 15:54:18 CDT 2005
I think everyone is forgetting that there is no VOIP protocol that will work
over TLS, SSL, or SSH. I have yet to figure out how to use SSL or SSH
over UDP.
Also I seriously doubt the cisco wireless phone supports WPA2-2AES.
If the military really needs crypto on the wireless phones, my guess would
be that they should negotiate with the vendor for a custom ROM that supports
this (layer 7 or layer 4 OSI). The design problem is: what end-to-end link
will be encrypted? Call them and ask; they might already have something
available for testing. Somebody from Cisco might be on this list who might
know. Regardless, the market will demand it soon.
On 5/26/05, Porter, Thomas (Tom) <tporter at avaya.com> wrote:
>
> Chris,
>
> The point I am making is that wireless networks can be made as secure or
> more secure (since typically, LAN traffic is not encrypted) than wired
> networks. I think that most people would agree with this. Certainly WEP
> & LEAP are not sufficient to protect these networks, but other IETF
> standard forms of EAP (TLS/PEAP, TTLS, etc) & their implementations are.
> 802.11i (AES-CCM) relies upon digital certs & is not subject to
> person-in-the-middle attacks. Yes, SSL & SSH *can* be hijacked, but if
> implemented properly they *cannot* be. This is not meant as an offense
> to you & Don Bailey, but the fact is: Many wireless, SSH, and SSL
> implementations (not sure why you included these w/ wireless) can be &
> are more secure than the corresponding wired networks. Head-on attacks
> against these implementations are destined to fail - of course, no
> amount of encryption, etc can protect against a single weak password,
> but that is a separate issue.
>
> Best, Tom
>
> TLS is SSL all grown up.
>
> "SSL and SSH can be hijacked (MiM, Man in the middle) by hacker tools
> crafted specifically for VoIP. A good example of ssl hijacking is a tool
> called airsnarf.
> http://airsnarf.shmoo.com/ I believe that this would be a trivial task
> to convert to SIP since it is merely a cousin to html."
>
> The author, Beetle, gave some very good demonstrations of how easy it is
> to break "ANY" wireless encryption/protection scheme and, with this
> tool, hijack any ssl/tls encrypted page to capture authentication/credit
> card or any other info that was supposed to be encrypted. Over two days
> he was able to show a class of about 60 people, many new to wireless, how
> to do the same thing.
>
> When I say that IPSec adds too much overhead I refer to the fact that,
> due to encapsulation, IPSec adds approximately 40% additional overhead
> to an IP packet and often fragmentation due to packets that need to be
> fragmented for encapsulation.
>
> Chris
>
> -----Original Message-----
> From: Robert Thompson Jr. [mailto:rthompson at columbiabank.com]
> Sent: Wednesday, May 25, 2005 1:19 PM
> To: Chris at infravast.com; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
>
> I am very new to VOIP, so please bear with me.
>
> But when you say that it is trivial to intercept the traffic, you just
> mean to receive it right? You are not talking about deciphering the
> information and being able to listen in on the conversation are you?
>
> Why would IPSEC add too much overhead?
>
> Instead of SSH and SSL, could TLS be used? As I am under the
> understanding that TLS doesn't have any more overhead than SSL, though it is
> quite a bit more secure.
>
> Rob.
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Christopher A. Martin
> Sent: Tuesday, May 24, 2005 5:47 PM
> To: 'Finnegan, James M SAM Contractor'; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones
>
>
> It is trivial to hijack, intercept, impersonate any type of traffic over
> wireless, whether WEP, WAP, etc. is implemented. IPSec over it is about
> the only safe bet (which adds too much overhead). SSH and SSL can also
> be compromised due to wireless hijacking.
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Finnegan, James M SAM Contractor
> Sent: Tuesday, May 24, 2005 12:03 PM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] Cisco 7920 wireless IP Phones
>
> Greetings all,
>
> I have run into a problem I was hoping to get feedback on. We are
> using the 7920 IP Phones at our sites, running CCM 3.3.
>
> The Army has decided the wireless link needs to be encrypted with
> something other than WEP or WEP w/LEAP. Our standard wireless
> encryption is 3DES.
> The 7920s only support WEP or WEP w/LEAP. Has anyone run into this problem?
>
>
>
> Thanks
>
>
>
> Mike Finnegan
>
> B.I.T.S.
>
> U.S. Army Corps of Engineers
>
>
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
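The thread argues about how much overhead IPsec adds to a voice stream ("approximately 40%") and whether it forces fragmentation. The sizing calculation below is an added example, not code or figures from anyone on the list. It assumes IPv4, 20 ms RTP frames (50 packets per second), an ESP transform of AES-CBC-128 with HMAC-SHA1-96 (so a 16-byte IV, 16-byte block padding and a 12-byte ICV), and SRTP with its default 80-bit authentication tag and no MKI; change the constants if your transform differs. The header sizes are the protocol constants from RFC 3550 (RTP), RFC 4303 (ESP) and RFC 3711 (SRTP).

```python
"""Per-packet overhead of IPsec ESP versus SRTP for RTP voice frames.

Added example for the VOIPSEC thread; not the list's own code. The ESP
transform (AES-CBC-128 + HMAC-SHA1-96) and IPv4 are assumptions.
"""
import math

IPV4_HDR = 20
UDP_HDR = 8
RTP_HDR = 12          # fixed RTP header, no CSRCs or header extension

# Assumed ESP transform: AES-CBC (16-byte IV, 16-byte block), HMAC-SHA1-96
ESP_SPI_SEQ = 8       # SPI + sequence number
ESP_IV = 16
ESP_BLOCK = 16
ESP_ICV = 12
ESP_TRAILER = 2       # pad length + next header

SRTP_AUTH_TAG = 10    # default 80-bit SRTP auth tag, no MKI (assumption)

FRAMES_PER_SEC = 50   # 20 ms packetisation


def plain_rtp_packet(payload_bytes):
    """Size on the wire of an unprotected IPv4/UDP/RTP voice packet."""
    return IPV4_HDR + UDP_HDR + RTP_HDR + payload_bytes


def esp_padding(plaintext_len):
    """Padding so that plaintext + trailer is a multiple of the cipher block."""
    return (-(plaintext_len + ESP_TRAILER)) % ESP_BLOCK


def _esp_wrap(plaintext_len):
    """Bytes added by ESP around a plaintext of the given length."""
    body = plaintext_len + esp_padding(plaintext_len) + ESP_TRAILER
    return ESP_SPI_SEQ + ESP_IV + body + ESP_ICV


def esp_tunnel_size(payload_bytes):
    """Tunnel mode: the whole inner IP packet is encrypted, outer IP header added."""
    return IPV4_HDR + _esp_wrap(plain_rtp_packet(payload_bytes))


def esp_transport_size(payload_bytes):
    """Transport mode: original IP header kept, only UDP/RTP/payload encrypted."""
    return IPV4_HDR + _esp_wrap(UDP_HDR + RTP_HDR + payload_bytes)


def srtp_size(payload_bytes):
    """SRTP encrypts the payload in place and appends only an auth tag."""
    return plain_rtp_packet(payload_bytes) + SRTP_AUTH_TAG


def fragments_needed(packet_bytes, mtu=1500):
    """IP fragments a packet of this size needs at the given MTU."""
    return max(1, math.ceil(packet_bytes / mtu))


def compare(payload_bytes, mtu=1500):
    """Overhead, bandwidth and fragmentation for each protection option."""
    plain = plain_rtp_packet(payload_bytes)
    options = (
        ("plain", plain),
        ("srtp", srtp_size(payload_bytes)),
        ("esp_transport", esp_transport_size(payload_bytes)),
        ("esp_tunnel", esp_tunnel_size(payload_bytes)),
    )
    result = {}
    for name, size in options:
        result[name] = {
            "bytes": size,
            "overhead_pct": round(100.0 * (size - plain) / plain, 1),
            "kbps": size * 8 * FRAMES_PER_SEC / 1000,
            "fragments": fragments_needed(size, mtu),
        }
    return result


if __name__ == "__main__":
    # Constructed inputs: G.711 carries 160 bytes per 20 ms, G.729 carries 20.
    for codec, payload in (("G.711 20 ms", 160), ("G.729 20 ms", 20)):
        print(codec)
        for name, row in compare(payload).items():
            print(f"  {name:14s} {row['bytes']:4d} B  +{row['overhead_pct']:5.1f}%"
                  f"  {row['kbps']:6.1f} kbps  fragments={row['fragments']}")
```

Running it shows why the "40%" figure is neither right nor wrong on its own: with G.711, ESP tunnel mode takes a 200-byte packet to 264 bytes (32% more, 80 kbps to 105.6 kbps per direction), transport mode to 248 bytes (24%), while SRTP adds 10 bytes (5%); with G.729's 20-byte payload the tunnel-mode overhead reaches 100% because the fixed headers and block padding dominate. None of these sizes come near a 1500-byte MTU, so fragmentation is a concern for the IPsec tunnel's other traffic, not for the voice packets themselves.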