<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Matasano Chargen - Latest Comments in Oyp Vey!</title><link>http://matasanochargen.disqus.com/</link><description></description><language>en</language><lastBuildDate>Mon, 19 Jun 2006 15:28:38 -0000</lastBuildDate><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319881</link><description>I think that we'll see a lot of Bad People leveraging the ease with which you can use VoIP to exploit bad business/security logic and assumptions in existing phone-based businesses.&lt;br&gt;&lt;br&gt;The classic example of this is the ease with which VoIP can be used to produce false CallerID information (yes, I know you can do this in the "traditional" telecom world, too, but VoIP makes it easier).  This has been leveraged to bypass the "call from your home phone to authorize" security mechanism to authenticate that a mailed credit card has made it to the intended recipient.&lt;br&gt;&lt;br&gt;Another example is the ability to bypass user authentication of voicemail boxes when calling from the box's phone number.&lt;br&gt;&lt;br&gt;Or, consider how VoIP makes area code irrelevant--traditionally, an area code allowed someone to assume where a caller was geographically located, and some systems, such as CRM-driven call centers, may make bad decisions as a result.&lt;br&gt;&lt;br&gt;The friction between VoIP and the bad security assumptions of the PSTN (as Ivan points out above) will be interesting to see play out.  
Unfortunately, I think that carriers are mostly trying to fight the battle by lobbying against VoIP, as if that will make the problem go away.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Chandler Howell</dc:creator><pubDate>Mon, 19 Jun 2006 15:28:38 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319880</link><description>what I wanted to point out is that although most of us are quite familiar and biased towards the traditional data network threats, which VoIP deployments are/will be prone to, the traditional telephony network threats remain valid and, even worse, the PSTNs are now more exposed through a wider attack surface. I've been a telco person in my previous professional life and had to spend substantial amounts of time reverse-engineering or otherwise figuring out all the signalling protocol kludges, patches and obscure implementation features in order to make different CO switches and PBXs interoperate with Unix systems. For that, 10 years ago, I needed expensive equipment (protocol analyzers, telephony cards, etc.) and direct access to digital (T1/E1) trunks, today it is possible to achieve the same using low-cost general purpose systems and open source implementations of SS7, MFC-R2, CCITT-R5, etc. It's scary to think that the guts of the PSTNs, networks founded on the premise of closed access and security thru obscurity, may now be open to scrutiny and exploration by a larger group of people with different motives and goals than those of the phreakers from the 70s/80s and early 90s</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">ivan</dc:creator><pubDate>Wed, 14 Jun 2006 18:40:35 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319879</link><description>Thanks for not trashing the Bizweek piece ;).  
ISS is taking a lot of media inquiries about VoIP lately, especially with the news hook regarding the Miami toll-fraud case.  I think that your assessment is dead-on.&lt;br&gt;&lt;br&gt;Wifi was fixed in the enterprise way before it was fixed in the consumer realm--oh wait, I can still hack all my neighbors.  Same thing here.  Enterprise VoIP can be done correctly, but just like in 2000-2001, enterprises can get crushed by the consumer leper colony.  &lt;br&gt;&lt;br&gt;Great point about Vonage.  What chance do they have we go from maybe a hundred million global VoIP users to hundreds of millions in a couple years all engaging in seamless PSTN to IP or IP to IP calls from all corners of the earth?  I hope they are gearing up.&lt;br&gt;&lt;br&gt;When you combine in-band signalling as noted in Ivan's comment with an "open-source" phone system when pretty much anyone, or anything can just plug and play, you end up with a target that is just too juicy to pass up.  FUD?  The cool thing about technology predictions is that they don't take very long to be tested.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan Ingevaldson</dc:creator><pubDate>Wed, 14 Jun 2006 11:29:10 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319878</link><description>Check out VOIPSA's &lt;a href="http://www.voipsa.org/Activities/taxonomy.php" rel="nofollow"&gt;VoIP Security Threat Taxonomy&lt;/a&gt; for a good overview.  To borrow a line from the intro:&lt;br&gt;&lt;br&gt;"While some early press accounts have focused on the potential for VoIP spam and VoIP call hijacking, the consensus of learning from this project is that there are many other threats inherited from traditional data networks (worms, DDoS, etc.) that are more likely to occur today."  
&lt;br&gt;&lt;br&gt;There's good discussion regarding many of these threats on the &lt;a href="http://www.voipsa.org/VOIPSEC/" rel="nofollow"&gt;VOIPSEC mailing list&lt;/a&gt;.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David Endler</dc:creator><pubDate>Wed, 14 Jun 2006 10:25:11 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319877</link><description>You could _probably_ evade pbx firewalls like SecureLogix by war dialing them and changing your callerid on every call.&lt;br&gt;&lt;br&gt;-Daniel</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Daniel Clemens</dc:creator><pubDate>Wed, 14 Jun 2006 09:13:31 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319876</link><description>It's probably a subset of Phownage, but I suspect we'll also see the usual DoS attacks against providers. &lt;br&gt;&lt;br&gt;But more importantly what we'll see is poor architecture/engineering/serious lack of change control at the provider level and have extended outages as a result.&lt;br&gt;&lt;br&gt;Another concern is that VOIP providers don't have the same disaster recovery requirements that the PSTN providers have. As VOIP becomes more prevalent in the household, this could lead to interesting physical issues during major disasters.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">DM</dc:creator><pubDate>Wed, 14 Jun 2006 00:06:31 -0000</pubDate></item><item><title>Re: Oyp Vey!</title><link>http://www.matasano.com/log/330/oyp-vey/#comment-2319875</link><description>what did you miss? 
hmm can't think of much more but perhaps this: enterprise VoIP systems end up connected to the traditional PSTNs at some topological point and from there they can interact directly with the PSTN signalling systems...it's the phreaker's wet dream; gaining complete control of a SS7 capable system and talking directly to the CO switches from a standard off-the-shelf OS like linux or windows.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">ivan</dc:creator><pubDate>Tue, 13 Jun 2006 23:37:19 -0000</pubDate></item></channel></rss>