[VOIPSEC] Virus/Worms/Trojan attack against VoIP
Sumandra Majee
lal2ghar at gmail.com
Thu May 11 18:45:07 CDT 2006
I see one big difference between classic desktops/laptops and handheld/mobile
devices: the processing power (CPU) and battery power. Desktop users
are used to AV scanners, spyware scanners etc., but it will not be possible to
do so on mobile devices and handhelds. So what do they do? Use a
network-based gateway?
Sam
On 5/10/06, Ari Takanen <voipsa at codenomicon.com> wrote:
>
> Hello all,
>
> As the majority of viruses and worms in VoIP today would exploit
> implementation flaws such as buffer overflows, virus attacks against
> residential gateways and IP-Phones are definitely possible. It is not
> necessary to use "a well known operating system", although that could
> help the virus to spread. If you are using Linux on your VoIP-phone
> running on an x86 platform, any Linux virus variant should do it. If you
> are using a commercial embedded OS, the worm has to be uniquely targeted
> to that operating system. PROTOS research, and Codenomicon testing
> tools definitely can show that there have been and still are tens of
> these flaws in any VoIP implementation, and in the majority of platforms
> used today. But these flaws are easily found using robustness testing,
> but unfortunately not everyone tests for implementation flaws.
>
> But for the majority of today's viruses and worms, we have two basic
> requirements:
>
> 1) Spreading requires heterogenous environment: Enough implementations
> out there for viruses to spread. So a VoIP device running on a commonly
> used OS would be equally vulnerable to viruses as any other standard
> PC running the same OS. But in VoIP, the devices are able to find each
> other easily. A VoIP virus would use the contacts list to only attack
> VoIP users, so we could focus on measuring the market penetration
> only. This enables VoIP specific viruses.
>
> 2) Operation requires heterogenous platform: E.g. a standard
> Linux/Windows worm would with 99% certainty only run on x86
> platforms. "Shellcode" is almost always processor dependent. I have
> seen academic research on generic shellcode for any platform and
> processor architecture, but this is not common today. I would expect
> the underground to study the same topics...
>
> Until now, PCs have been the only attractive widely spread
> heterogenous environment for viruses and worms. Mobile devices and
> VoIP are definitely following. Fortunately, the majority of these widely
> used devices are typically already tested using our testing tools. ;)
>
> Best regards,
>
> /Ari
>
> On Wed, May 10, 2006 at 04:31:35PM -0500, Gupta, Sachin wrote:
> > Hi,
> >
> > Is anybody aware of the possibility of a virus attack on a Residential
> > Gateway / IP Phone, running on a well known Operating system, with Voice
> > capabilities?
> > This kind of attack can even remove or change the digital certificates.
> > Soft phones may not fall in this category as they run on PCs which may
> > have antivirus installed.
> >
> > Is this a theoretical attack or has anything like this happened before?
> >
> >
> > Sachin
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> --
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> Ari Takanen Codenomicon Ltd.
> ari.takanen at codenomicon.com Tutkijantie 4E
> tel: +358-40 50 67678 FIN-90570 Oulu
> http://www.codenomicon.com Finland
> PGP: http://www.codenomicon.com/codenomicon-key.asc
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-