[VOIPSEC] Soft Phone Vulnerabilities

Dustin D. Trammell dtrammell at tippingpoint.com
Thu Jun 22 17:07:55 CDT 2006


On Tue, 2006-06-13 at 16:17 -0400, Randell Jesup wrote:
> Cellphones and in particular the cell network are harder to physically hack
> (regardless of the security levels of the protocols themselves) than
> computer networks (which are often easy to attack sitting in your bathrobe
> 1/2-way around the world). Yes, I may be glossing over a few issues, but
> you get my point.

It's important to note that this is about to no longer be the case.  As
cellular carriers begin to deploy UMA and IMS systems, anyone with an
authorized SIM card (not hard to buy or steal), USB SIM reader ($30 from
various online merchants, I recommend the ACS brand readers), and some
hacked up software (a week or so worth of work) will be able to emulate
a cellular/wifi dual-mode user agent and will be able to attach to the
wifi access point and subsequently establish an IPSec SA with one of the
provider's SGWs.  At that point it's trivial to access the back-end
cellular network, because they have a legitimately authenticated tunnel
directly to it (sans any strict per-connection firewalling at the SGW).
All while sitting in their bathrobe 1/2-way around the world.

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
