[VOIPSEC] Virus/Worms/Trojan attack against VoIP

Shawn Merdinger shawnmer at gmail.com
Wed May 17 02:28:33 CDT 2006


Gupta, Sachin wrote:
> Is anybody aware of the possibility of virus attack on a Residential
> Gateway / IP Phone, running of a well known Operating system, with Voice
> capabilities ?

Hi Sachin,

To add to Hendrik Scholz's excellent comments:

1.  Custom firmware images for both IP phones and residential gateways
are used by providers like Vonage for the F1000 phone and Linksys
gateways.

2.  More features in these VoIP gateways, especially 802.11b/g wifi
(and even Bluetooth to a certain extent) open up new attack vectors
-- I'm thinking garbage truck rolling through a neighborhood
compromising APs and computers with wifi that then go compromise other
gateways, etc.

3.  Wire-side attacks are a vector that is ripe for attack imho.  This
Network World eval from 2004 provides some interesting insights of
several vendors' boxes:
http://www.networkworld.com/reviews/2004/1004wirelesslockside.pdf

4.  Another common OS on both IP phone and residential gateway
platforms is VxWorks.  Typical developer oversights with VxWorks
include leaving in default accounts, debugging ports, etc.  As Hendrik
noted, Linux is widely used as well, and of course is not immune to
security oversights as we've recently seen: shared SSL certificates,
admin/admin, etc.

5.  I personally think the wide deployment of these residential
gateway devices has increased their target value to the point where
"0-day" vulnerabilities are not likely to get disclosed.

6.  I think the low profit margin marketplace of these devices makes
the landscape fairly cut-throat.  On the supply-side, OEMs are likely
getting hit with Wal-Mart purchasing tactics and providing devices
with varying components and software builds, thereby further
complicating even basic QA....once that US $40.00 box actually works
(sort of) and does what it's supposed to (most of the time), we're
probably kidding ourselves thinking that *most* vendors will even get
around to addressing the *real* security issues.

After all, this is just for your home cable/dsl/voip connection,
right?  Nobody would ever use a residential router in, say, a critical
infrastructure SCADA management network....right?

Well, maybe not...

http://cfpub.epa.gov/safewater/watersecurity/guide/productguide.cfm?page=wirelessdatacommunications
http://www.sandia.gov/scada/documents/NSTB_NSIT_V1_2.pdf

Thanks!
--scm
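
Added example, not part of the original post: a pre-release QA check over firmware build manifests for the oversights listed in item 4 (default accounts, debugging ports left open, one SSL certificate shared across devices). The manifest fields, device ids, fingerprints, port allowlist and all credential pairs other than admin/admin are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed policy: credential pairs treated as defaults (admin/admin is from the
# post; the others are constructed) and the only ports a release build may open.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "")}
ALLOWED_PORTS = {80, 443, 5060}

# Constructed sample manifests, one per shipped gateway image (not real devices).
MANIFESTS = [
    {"id": "gw-001", "cert_sha256": "aa11", "accounts": [("admin", "admin")],
     "listening": [80, 443, 5060]},
    {"id": "gw-002", "cert_sha256": "aa11", "accounts": [("admin", "S7!kq-unique")],
     "listening": [443, 5060, 9999]},   # 9999: constructed leftover debug port
    {"id": "gw-003", "cert_sha256": "bb22", "accounts": [("support", "x9#unique")],
     "listening": [443, 5060]},
]

def audit(manifests):
    """Return {device id: [findings]} for the three oversight classes."""
    # Group devices by certificate fingerprint: a fingerprint seen on more
    # than one device means those devices share a private key.
    by_cert = defaultdict(list)
    for m in manifests:
        by_cert[m["cert_sha256"]].append(m["id"])

    findings = {}
    for m in manifests:
        issues = []
        peers = sorted(d for d in by_cert[m["cert_sha256"]] if d != m["id"])
        if peers:
            issues.append("shared-cert:" + ",".join(peers))
        for user, password in m["accounts"]:
            pair = (user.lower(), password.lower())
            # Flag known default pairs and password-equals-username accounts.
            if pair in DEFAULT_CREDS or pair[0] == pair[1]:
                issues.append("default-account:" + user)
        for port in sorted(set(m["listening"]) - ALLOWED_PORTS):
            issues.append("unexpected-port:%d" % port)
        findings[m["id"]] = issues
    return findings

if __name__ == "__main__":
    for device, issues in audit(MANIFESTS).items():
        print(device, issues or "clean")
```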



