VoIP Threats and Attacks

1
VoIP Threats and Attacks

• Alan Johnston ltalan_at_sipstation.comgt

2
VoIP as an Application

• VoIP is an Internet Application
• Subject to both voice specific AND Internet
  attacks
• E.g. flooding DoS attack could be INVITEs or TCP
  SYN packets
• Need to secure each layer independently
• Defense in Depth
• This Presentation uses VOIPSA (http//www.voipsa.o
  rg) VoIP Security and Privacy Threat Taxonomy
  as outline

3
Eavesdropping Threats

• Call Pattern Tracking
• Besides signaling, DNS queries can reveal
  information
• Traffic Capture
• Number Harvesting
• E.g. ENUM with Contact URIs or AORs with
  identifying information
• Conversation Reconstruction
• If Perfect Forward Secrecy (PFS) is not used,
  content can be stored for later decryption
• Voicemail Reconstruction
• Current low levels of authentication
• Fax Reconstruction
• Video Reconstruction
• Text Reconstruction

4
Interception and Modification

• Call Black Holing
• Authentication of responses critical
• Call Rerouting
• How many intermediaries
• Fax Alteration
• Conversation Alteration
• Authentication of RFC 2833 DTMF tones
• Conversation Degrading
• RTCP protection as well as RTP
• Conversation Impersonation and Hijacking
• Human to human authentication a la ZRTP
• False Caller Identification
• Trivial in PSTN today, commonplace in email
• Who is asserting identity as important as what
  identity is being asserted
• See RFC 4474 to see how to do this correctly

5
Intentional Interruption of Service

• Denial of Service
• Centralized servers make for better DoS targets
  (e.g. SBCs)
• Request Flooding
• User Call Flooding
• User Call Flooding Overflowing to Other Devices
• Overload voice mail storage
• Endpoint Request Flooding
• Endpoint Request Flooding after Call Setup
• Call Controller Flooding
• Request Looping
• Setting Max-Forwards to 69
• Directory Service Flooding
• DNS and ARP poisoning

6
Interruption of Service Continued

• Malformed Requests and Messages
• Disabling Endpoints with Invalid Requests
• Injecting Invalid Media into Call Processor
• Malformed Protocol Messages
• For SIP, see RFC 4475 Torture Tests
• QoS Abuse
• QoS can easily work both ways
• Spoofed Messages
• Faked Call Teardown Message
• Faked Response
• Call Hijacking
• Registration Hijacking
• Digest does not provide registration
  authentication
• Media Session Hijacking
• Server Masquerading

7
Interruption of Service Continued

• Network Services DoS
• Underlying Operating System/Firmware DoS
• Distributed Denial of Service
• Use ICE for media authorization to avoid
  accidental media DoS
• Other Interruptions of Service
• Loss of Power
• Resource Exhaustion
• Performance Latency and Metrics

8
Non-Technical Threats

• Social Threats
• Misrepresentation
• Misrepresenting Identity
• Misrepresenting Authority
• Misrepresenting Rights
• Misrepresenting Content
• Theft of Services
• Unwanted Contact
• Harrassment
• Extortion
• Unwanted Lawful Content Including VoIP SPAM and
• Other Subjectively Offensive Content
• Service Abuse
• Physical Intrusion

9
Selected SIP Specific Topics

• ACK and CANCEL can not be authenticated by
  challenge
• Require Offer/Answer in INVITE/200 OK
• Ignore CANCELs
• Non-symmetric routing makes response
  authentication extremely difficult
• Use rport or connection-reuse
• Certificates are good unless
• Not properly validated
• Not properly correlated to host names

10
Summary

• VoIP is a new application
• New is not good in security terms
• VoIP devices and software are new
• Security standards are still being developed in
  IETF
• Secure RTP media
• Usage of Secure SIP and TLS
• VoIP threats are much more Internet than PSTN