[VOIPSEC] Soft Phone Vulnerabilities

Medhavi Bhatia medhavib at gmail.com
Wed Jun 7 18:45:42 CDT 2006 

Interesting discussion. We just started a company along these
directions (with that I'd be vague at this point). Here is a link:

http://www.3clogic.com/products.html

-Medhavi.

On 6/7/06, FOUCHE Nicolas ROSI/DAS <nicolas.fouche at francetelecom.com> wrote:
>
> Ok with that. I'm just saying that Skype isn't a security model like you said.
> But you must admit that it's hard to control P2P. Enterprises like control what occurs in their network. That's mean to know what flow goes where. P2P don't ensure that... And particularly Skype which we don't know many thing.
>
> Nicolas
>
> -----Message d'origine-----
> De : Henry Sinnreich [mailto:henry at pulver.com]
> Envoyé : mercredi 7 juin 2006 16:20
> À : FOUCHE Nicolas ROSI/DAS; 'Martyn Davies'; 'Jacobs, Marcia'; Voipsec at voipsa.org; 'Mark Baugher'
> Objet : RE: [VOIPSEC] Soft Phone Vulnerabilities
>
> The arguments about Skype security must not imply P2P cannot be secure.
>
> Please see the just published I-D:
>
> http://www.softarmor.com/dwillis/docs/draft-willis-p2psip-concepts-00.html
>
> Thanks, Henry
>
> -----Original Message-----
> From: FOUCHE Nicolas ROSI/DAS [mailto:nicolas.fouche at francetelecom.com]
> Sent: Wednesday, June 07, 2006 8:44 AM
> To: henry at pulver.com; Martyn Davies; Jacobs, Marcia; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Soft Phone Vulnerabilities
>
>
>
> > Skype has been attested as being secure
>
> It seems that some vulnerabilities have been discovered in Skype...
>
> "The vulnerability is caused due to a boundary error within the handling of
> command line arguments. This can be exploited to cause a stack-based buffer
> overflow by e.g. tricking a user into visiting a malicious web site, which
> passes an overly long string (more than 4096 bytes) to the "callto:" URI
> handler.
>
> Successful exploitation may allow execution of arbitrary code."
>
> And this is not the only one.
>
> We can't say that Skype is "secure" because it is completely unknown !
> Darkness don't do security... it is often the opposite. Skype is an
> application like many others and suffer of the same problems. And why it
> becomes dangerous ? Precisely because no control can be done on what Skype
> do (encrypted flows, bypass proxies and FW...).
>
> > We can only hope the "pre-standard" Skype will get some competition from a
> standards based system.
>
> I hope not !
>
> Regards,
>
> Nicolas
>
>
> -----Message d'origine-----
> De : Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] De la
> part de Henry Sinnreich
> Envoyé : mercredi 7 juin 2006 15:03
> À : 'Martyn Davies'; 'Jacobs, Marcia'; Voipsec at voipsa.org
> Objet : Re: [VOIPSEC] Soft Phone Vulnerabilities
>
> > This is why people worry about Skype being used in the workplace,
>
> I am afraid this is just sour grapes. Skype has been attested as being
> secure, enhances the productivity in the enterprise, supports communications
> worldwide with customers and partners and may become the AT&T of VoIP.
>
> And is profitable as well, which is an exception to the rule in the VoIP
> provider world.
>
> We can only hope the "pre-standard" Skype will get some competition from a
> standards based system.
>
> Thanks, Henry
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Martyn Davies
> Sent: Wednesday, June 07, 2006 3:02 AM
> To: Jacobs, Marcia; Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Soft Phone Vulnerabilities
>
> A softphone is just a normal executable application, no more and no less.
> Its just that (unlike, for example, Word) its main job is to handle
> streaming audio.
>
> As an application it has full access to all the resources of the PC, and
> runs with the rights of the user that started the softphone.  Therefore if
> you login with administrative rights (which I guess an awful lot of people
> do), the softphone application has all administrative rights to the machine.
> Therefore if a softphone is carrying some kind of Trojan or backdoor inside
> it, an attacker could do any of the following:
>
> * Listen to any inputs on the soundcard
> * Read all your files and transmit them somewhere else
> * Capture data being sent to the screen, or coming in from the keyboard
> * Scour your machine looking for passwords, etc.
> * Disable antivirus or other protective tools
> * Monitor the LAN that the computer is attached to, and perhaps even attack
> other machines
>
> Since the soundcard is always powered on in a PC, there's nothing to stop an
> application switching on the mic at any time and listening.
>
> In summary, its not just 'softphone vulnerablities' that are the worry per
> se, but that fact that the whole PC is vulnerable to attack if the wrong
> kind of malware gets run on it.
>
>
> This is why people worry about Skype being used in the workplace, because
> (a) a lot of desktops have it across the world, which is an opportunity for
> hackers and (b) if they succeed in compromising Skype then not just audio
> but all kinds of secrets could be funneled out of the organization without
> anyone even knowing that an attack was underway.
>
> Regards,
> Martyn
>
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Jacobs, Marcia
> Sent: 06 June 2006 19:04
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] Soft Phone Vulnerabilities
>
> Wondering if anyone can recommend a good security document on softphones,
> and the potential of turning on microphone remotely.
>
> Thanks!
>
> Marcia Jacobs
> Sandia National Labs
> CA Telecommunication Ops
> Phone & Fax:  925.294.1586
> mjacob at sandia.gov
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> ********************************
> Ce message et toutes les pieces jointes (ci-apres le "message") sont
> confidentiels et etablis a l'intention exclusive de
> ses destinataires.
> Toute utilisation ou diffusion non autorisee est interdite.
> Tout message electronique est susceptible d'alteration. Le Groupe France
> Telecom decline toute responsabilite au titre de
> ce message s'il a ete altere, deforme ou falsifie.
> Si vous n'etes pas destinataire de ce message, merci de le detruire
> immediatement et d'avertir l'expediteur.
> *********************************
> This message and any attachments (the "message") are confidential and
> intended solely for the addressees. Any unauthorised
> use or dissemination is prohibited.
> Messages are susceptible to alteration. France Telecom Group shall not be
> liable for the message if altered, changed or
> falsified.
> If you are not the intended addressee of this message, please cancel it
> immediately and inform the sender.
> ********************************
>
>
>
> *********************************
> Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et etablis a l'intention exclusive de
> ses destinataires.
> Toute utilisation ou diffusion non autorisee est interdite.
> Tout message electronique est susceptible d'alteration. Le Groupe France Telecom decline toute responsabilite au titre de
> ce message s'il a ete altere, deforme ou falsifie.
> Si vous n'etes pas destinataire de ce message, merci de le detruire immediatement et d'avertir l'expediteur.
> *********************************
> This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised
> use or dissemination is prohibited.
> Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or
> falsified.
> If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
> ********************************
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list