VOIP WARS: ATTACK OF THE CISCO PHONES

Black Hat USA 2014

Presented by: Fatih Ozavci
Date: Wednesday August 06, 2014
Time: 14:15 - 15:15
Location: South Seas F

Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. These Cisco hosted VoIP implementations are very similar; they have Cisco Unified Communication services, SIP protocol for IP Phones of tenants, common conference solutions, Skinny protocol for compliance, generic RTP implementation, VOSS Solutions product family for management services for tenants. Tenants use desktop and mobile clients to connect these services. Cisco hosted VoIP implementations and VoIP clients are vulnerable to many attacks, including:

The presentation covers Skinny and SIP signaling attacks, 0day bypass technique for call spoofing and billing bypass, LAN attacks against supportive services for IP Phones, desktop and mobile phones, practical 0-day attacks against IP Phone management and tenant services. These attacks are available for desktop and mobile clients too, such as caller ID spoofing and fake messaging to compromise clients, fuzzing VoIP call signaling, MITM attacks and crashing mobile clients.

Attacking Cisco VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the presenter). It has a dozen modules to test trust hacking issues, signaling attacks against SIP services and Skinny services, gaining unauthorized access, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a penetration testing environment and full integration. The presentation contains live demonstration of practical VoIP attacks and usage of new Viproy modules.

Fatih Ozavci

Fatih Ozavci is a Security Researcher and Senior Consultant with Sense of Security. He is the author of the Viproy VoIP Penetration and Exploitation Testing Kit and MBFuzzer Mobile Application MITM Fuzzer tool and he has also published a paper about Hacking SIP Trust Relationships. Fatih has discovered many unknown security vulnerabilities and design and protocol flaws in VoIP environments for his customers, and analyses VoIP design and implementation flaws, which help to improve VoIP infrastructures. Additionally, he has completed numerous mobile application penetration testing services including but not limited to reverse engineering of mobile applications, exploiting mobile services level vulnerabilities, and attacking data transporting and storing features of mobile applications. His current research is based on attacking mobile VoIP clients, VoIP service level vulnerabilities, web based VoIP and video conference systems, decrypting custom mobile application protocols, and MITM attacks for mobile applications. While Fatih is passionate about VoIP penetration testing, mobile application testing and IPTV testing, he is also well versed at network penetration testing, web application testing, reverse engineering, fuzzing, and exploit development. Fatih presented his VoIP research and tool in 2013 at DEF CON 21 (USA), Black Hat Arsenal USA 2013, Cluecon 2013 (USA), Athcon 2013 (Greece), and Ruxcon 2013. Also Fatih will present two training sessions at Auscert 2014 as well, "Next Generation Attacks and Countermeasures for VoIP" and "Penetration Testing of Mobile Applications and Services.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats