[VOIPSEC] Soft Phone Vulnerabilities

FOUCHE Nicolas ROSI/DAS nicolas.fouche at francetelecom.com
Wed Jun 7 08:43:49 CDT 2006 


> Skype has been attested as being secure

It seems that some vulnerabilities have been discovered in Skype...

"The vulnerability is caused due to a boundary error within the handling of command line arguments. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site, which passes an overly long string (more than 4096 bytes) to the "callto:" URI handler.

Successful exploitation may allow execution of arbitrary code."

And this is not the only one.

We can't say that Skype is "secure" because it is completely unknown ! Darkness don't do security... it is often the opposite. Skype is an application like many others and suffer of the same problems. And why it becomes dangerous ? Precisely because no control can be done on what Skype do (encrypted flows, bypass proxies and FW...).

> We can only hope the "pre-standard" Skype will get some competition from a standards based system.

I hope not !

Regards,

Nicolas

-----Message d'origine-----
De : Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] De la part de Henry Sinnreich
Envoyé : mercredi 7 juin 2006 15:03
À : 'Martyn Davies'; 'Jacobs, Marcia'; Voipsec at voipsa.org
Objet : Re: [VOIPSEC] Soft Phone Vulnerabilities

> This is why people worry about Skype being used in the workplace,

I am afraid this is just sour grapes. Skype has been attested as being secure, enhances the productivity in the enterprise, supports communications worldwide with customers and partners and may become the AT&T of VoIP.
And is profitable as well, which is an exception to the rule in the VoIP provider world.

We can only hope the "pre-standard" Skype will get some competition from a standards based system.

Thanks, Henry

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Martyn Davies
Sent: Wednesday, June 07, 2006 3:02 AM
To: Jacobs, Marcia; Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Soft Phone Vulnerabilities

A softphone is just a normal executable application, no more and no less.  Its just that (unlike, for example, Word) its main job is to handle streaming audio.

As an application it has full access to all the resources of the PC, and runs with the rights of the user that started the softphone.  Therefore if you login with administrative rights (which I guess an awful lot of people do), the softphone application has all administrative rights to the machine.  Therefore if a softphone is carrying some kind of Trojan or backdoor inside it, an attacker could do any of the following:

* Listen to any inputs on the soundcard
* Read all your files and transmit them somewhere else
* Capture data being sent to the screen, or coming in from the keyboard
* Scour your machine looking for passwords, etc.
* Disable antivirus or other protective tools
* Monitor the LAN that the computer is attached to, and perhaps even attack other machines

Since the soundcard is always powered on in a PC, there's nothing to stop an application switching on the mic at any time and listening.

In summary, its not just 'softphone vulnerablities' that are the worry per se, but that fact that the whole PC is vulnerable to attack if the wrong kind of malware gets run on it. 

This is why people worry about Skype being used in the workplace, because (a) a lot of desktops have it across the world, which is an opportunity for hackers and (b) if they succeed in compromising Skype then not just audio but all kinds of secrets could be funneled out of the organization without anyone even knowing that an attack was underway.

Regards,
Martyn


-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Jacobs, Marcia
Sent: 06 June 2006 19:04
To: Voipsec at voipsa.org
Subject: [VOIPSEC] Soft Phone Vulnerabilities

Wondering if anyone can recommend a good security document on softphones, and the potential of turning on microphone remotely.

Thanks!

Marcia Jacobs
Sandia National Labs
CA Telecommunication Ops
Phone & Fax:  925.294.1586
mjacob at sandia.gov

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

********************************
Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et etablis a l'intention exclusive de
ses destinataires.
Toute utilisation ou diffusion non autorisee est interdite.
Tout message electronique est susceptible d'alteration. Le Groupe France Telecom decline toute responsabilite au titre de
ce message s'il a ete altere, deforme ou falsifie.
Si vous n'etes pas destinataire de ce message, merci de le detruire immediatement et d'avertir l'expediteur.
*********************************
This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised
use or dissemination is prohibited.
Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or
falsified.
If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
********************************

More information about the Voipsec mailing list