[VOIPSEC] Soft Phone security

Andre Fucs de Miranda afucs-listas at mandicmail.com
Mon Jun 12 21:23:07 CDT 2006 

Folks,

After sending I was reading it again and noticed that some information was
terribly wrong. The MPLS info wont be added by the EMTA but at the CMTS. So
instead of the user premises better read HFC network. Sorry for that. 5AM. :S

Best regards

---- Mensagem Original ----
From: "Andre Fucs de Miranda"
To: Voipsec at voipsa.org
Sent: Seg, Junho 12, 2006 10:58 pm
Subject: [VOIPSEC] Soft Phone security
> Marcia,
>
> There's a  huge chance that some application could turn your microphone
> remotely. This was already done a long time ago with the Back Oriffice. But
> I
> wouldn't say that's the biggest problem on softphones.
>
> IMHO the biggest problems with softphone are:
>
> - The use of a multi-purpose computer to accomplish the user agent task may
> compromise your user credentials. The reason is simple. Since your user is
> going to use a computer running a regular operating system he may be victim
> of a virus that could steal his login and password. Although this is a silly
> threat, the impressive growth of trojan based bank fraud may serve as an
> alert.
>
> - The use of a soft phone can make segregation of your network harder to be
> acomplished. Example:
> Usualy the Voice over PacketCable networks offer the customer an specific
> equipment called EMTA. This equipment can offer both Cable modem and
> Analogic
> Telephone Adapter functionalities to the user. The interesting point is that
> each of the EMTA's functionalities has can have a different MAC Address, IP
> and MPLS configuration. This can help you to ensure that the VoIP traffic
> will leave the user premises already tagged as voip traffic with an specific
> addressing scheme. Some may say that this would be possible in a softphone
> environment also, although I never saw this kind of implementation using
> softphones.
>
> Curiously the term VoIP always points to skype although this is not the only
> VoIP system and getting obsessed about this subject might not help. :-)
>
> Best regards,
>
> Andre Fucs
>
>
>
>> Wondering if anyone can recommend a good security document on
>> softphones, and the potential of turning on microphone remotely.
>>
>> Thanks!
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list