VoIP Security 188

An anonymous reader writes "Whitedust are running an interesting article on the security aspects of VoIP. From the article: "The fact that VoIP operates across standard networks makes it vulnerable to all manner of IP hacking - including man in the middle attacks, sniffing, session hijacking, etc." Considering its recent growth, how secure is VoIP?" PCM2 sent us a Wired bit about Phil Zimmerman of PGP working on a privacy system for Voice over IP calling.
This discussion has been archived. No new comments can be posted.

  • by TripMaster Monkey ( 862126 ) * on Wednesday July 27, 2005 @08:05AM (#13175320)

    From TFA:
    is an umbrella term used forthesoftware
    some more introductionary information
    Considerating the stability and reliability of the tradional telephony networks
    so it's roll out is most likely inevidable.
    particular relevence to most
    VoIP and it's implementation.
    And all these errors are in just the introduction.

    Now, I don't expect perfection, but the sheer amount of errors present here is beyond the pale, and renders the reader incapable of trusting the subject matter presented, or taking the author seriously.

    Mr. Anderson, about 98% of the errors in your article could have been avoided by the use of a simple spell-checker. Nowadays, people don't actually need to know how to spell, as we have software to do that for us...but you have to actually use the software.
  • Man in the middle. (Score:5, Interesting)

    by matt21811 ( 830841 ) * on Wednesday July 27, 2005 @08:06AM (#13175325) Homepage
    I have never worried about man in the middle attacks on the internet. To be successful, it requires very good access to my ISP or the backbone carrier's network which is hard to do. Even if they can get that access all they can do is listen to my calls, have a chat with me and the other person or maybe hang up the call. Any attacker listening to my calls is going to get very bored very quickly. If they do the latter two, it could cause them to get caught because I'll complain about the problem.

    The only security problem I see is if the attacker can learn information that lets him make calls billed to my account. This becomes the VOIP vendor's problem anyway. When I notice something wrong with the bill I'll do a chargeback on my credit card for the bill and simply change VOIP providers. If this happens a lot, the VOIP vendor will do something about their security problem.

    Or am I missing something?
    • and what about at the other end ?
      If an attacker has access to a router beyond your isp/backbone but before the signal's receiver then the contents can be subverted.
      Admittedly, if all you do is argue about the sports scores then there is not much risk.
      But if you were using VOIP as a transparent replacement to POTS (Plain Old Telephone Service) and were ordering a new car or discussing your new pin number with the bank then things are quite different.
      • by Tony Hoyle ( 11698 ) <tmh@nodomain.org> on Wednesday July 27, 2005 @08:23AM (#13175412) Homepage
        If you're using VOIP as a transparent replacement to POTS there's no change.

        POTS is wide open to MIM attacks.. in fact anyone with a cheap earpiece can do it - no need for a PC even.
        • Re: (Score:3, Insightful)

          Comment removed based on user account deletion
          • Yeah because it's so much easier to pick the correct pair of wires out of several dozen or hundred on the local loop than it is to set up a router rule to capture VoIP packets.

            If you are a man in the middle at a Telco, then you probably have the knowledge of what pair to listen to. That assumes someone who is specifically targeted. You could just be unlucky enough to be the one which is randomly listened to at the Telco.

            Unless they are hanging off the pole outside your house (which would be rather brazen) I
        • The thing is, that person has to be physically out in the world, splicing himself into your line. Sure, it can be done, but the motivation needed to put someone to that kind of trouble is pretty intense.

          Used to be that way with a lot of information crimes, but the internet makes them possible on a whole new scale. Imagine a mim attack that compromises a couple of major VoIP hops, and sorts out the calls to banks and credit card companies based on phone number, or whatever. That can be automated now, so a guy
          • It's much, much easier than splicing into someone's line.

            Ever hear of an inductive amplifier? About $20 gets you one of these treats. You can walk up to someone's house and push the button on it once you find the phone line going into their home. Most phone lines are exposed on the exterior for at least a few feet. Anyone that's ever 'toned a line' knows what to do and how easy this is.

            Furthermore, with a lineman's test handset, you open a pedestal in the neighborhood and clip your alligator
            • Yea, but I'd still have to go to someone's house, hope they don't have a dog, stumble around outside to find that bit of telephone wire that comes up out of the ground... What a pain in the ass. I'd have to be really into stalking someone to make that worthwhile.

              But doing it from home, with a beer and a movie going in the background? Much easier.
              • Most of the time a dog isn't a concern. I installed cable modems before, and 90% of the homes I went to had the cable and telephone boxes within public reach on the side of the house, not buried in the back yard next to Cujo's doghouse.
        • POTS is wide open to MIM attacks.. in fact anyone with a cheap earpiece can do it - no need for a PC even.

          Try telling this to a judge. In the event that a security breach does take place (resulting in, for instance, loss of customer data), businesses don't want to be in the position of saying "but you could have sniffed that traffic just as easily on a POTS network, your Honor." Using POTS is the standard for security, and as bad as it is, you don't unduly expose yourself to liability by using tradition

    • I think you're mostly correct. The only thing I worry about is the casual call to a company you do business with that requires you tell them your SSN over the phone to set up or make changes to your account.
    • It is far easier to intercept the middle than you could ever believe (though, about 3 years ago, I would have agreed with you).

      The real problem is that the man in the middle may handle the conversation in any way that they see fit. They can then place any set of words in your mouth (and the other party's). It becomes possible for various groups to totally misdirect you or the other parties into certain directions. Interestingly enough, this can be used to provide for false convictions. And yes, this is very
    • To be successful, it requires very good access to my ISP or the backbone carrier's network which is hard to do.

      Actually it's trivial - by subverting the call setup negotiation. They don't even need to subvert the carrier's servers - replacing or inserting a SIP proxy via, for instance, DNS cache poisoning would do the job. With call setup corrupted the actual streams can be routed through any machines and paths they want.

      Even if they can get that access all they can do is listen to my calls, have a chat w
  • Paranoia (Score:5, Funny)

    by tod_miller ( 792541 ) on Wednesday July 27, 2005 @08:11AM (#13175355) Journal
    Hi Hun, I am gonna be a bit late tonight

    I thought you were going to give me a lift to Tinas?

    That's tomorrow, have you been taking my pain killers again?

    No... erm... ok I'll see you later

    *click*

    Wait, we are being line-tapped

    Oh my god! Execute the Omega 13 Device!

    *end of world*

    Really - if you want security, talk in tongues, or use a third party audio scrambler, plus encrypt the session. (then unencrypted it will just sound like noise). Plus stand on one foot while you talk, and occasionally look through the venetian blinds for snipers across the rooftops.
    • Re:Paranoia (Score:4, Funny)

      by mwilliamson ( 672411 ) on Wednesday July 27, 2005 @11:00AM (#13176756) Homepage Journal
      -SNIP-
      and occasionally look through the venetian blinds for snipers across the rooftops.
      -SNIP-

      Dude, why not stick your head out the door for a few seconds too while you're at it? If you take paranoia seriously, you seriously need to set up outdoor pinhole cameras, like I have. I love the expressions of frustration on the snipers' faces. Also, keep in mind your location can be determined by a tempest brainwave triangulation attack, so wear the proper protection. (you have been warned)

  • by Anonymous Coward on Wednesday July 27, 2005 @08:17AM (#13175384)
    There is a program called Cain that can sniff VoIP traffic (as well as other things) and turn it into a wav file if it understands the codec. There is a video on how it works at: http://www.irongeek.com/i.php?page=videos/cainvoip1 [irongeek.com]
  • by N7DR ( 536428 ) on Wednesday July 27, 2005 @08:27AM (#13175436) Homepage
    This is why the PacketCable 1.0 VoIP security spec runs to nearly 400 pages. (www.packetcable.com)

    Of course, now ask how many cable companies are actually deploying fully PacketCable-compliant systems with all the security turned on the way it was designed to be.

  • by papaia ( 652949 ) on Wednesday July 27, 2005 @08:28AM (#13175448)
    Please visit the VoIPsec archives [voipsa.org], before assuming that any one article could cover it all. There you could find links and comments from some of the most pertinent contributors to this subject.
  • PGPfone (Score:2, Informative)

    by laptop006 ( 37721 ) *
    Was a neat little app a few years back for simple IP-IP VoIP that was (supposedly, never checked) well encrypted; it converted the key into English words that you could say in your own voice to confirm that you weren't a victim of a MITM attack.

    http://web.mit.edu/network/pgpfone [mit.edu]
  • The majority of people are going to be getting their VOIP service from someone sitting in their basement, or from Skype or somesuch. They're going to get it from their ISP, which will provide a security layer of some sort - separate VPN, encrypted trunks, etc.

    Anyone who believes that this is some 'golden age' of free communications is on crack. And cheap crack at that.

  • If you have a set of alligator clips and a phone. Or a set of diagonal cutters (DoS attack).

    I mean, really ... it's MUCH easier to access any of the copper lines strung all over than hacking anyone's VoIP connection.

    - Brian Roach
  • by Anonymous Coward
    Wouldn't it be simpler, more effective and thus cheaper to secure IP communication instead of securing Voice over IP, HTTP over IP, SMTP over IP, FTP over IP and whathaveyou over IP? There even is a standard for secure IP communications, inconspicuously called IPSec. Stop the nonsense and start using encryption where it benefits all protocols.
    • Plain ol' IPSec is not a cure-all in this situation.

      In fact, if you want to believe NIST, most of the hardened encryption algorithms can all verge on introducing too much delay into the process. The solution is to introduce a priority scheduling component into encryption engines, but given the language of the report, I'm not sure that's widely done at the moment.

      NIST has a nice technical report regarding all (or most) of the VoIP security approaches. It's quite lengthy, though, so use the ToC. http: [nist.gov]
  • by Ikester ( 571286 ) on Wednesday July 27, 2005 @08:48AM (#13175564)
    Can't something like OTR (Off The Record messaging - http://www.cypherpunks.ca/otr/ [cypherpunks.ca]) be applied to SIP or IAX conversations? I know it was designed for slow, IM-type packet traffic, but the crypto is there. It can't be that hard :)
  • by pp ( 4753 ) on Wednesday July 27, 2005 @09:01AM (#13175656)
    I mean, negotiating a private key between two hosts is trivial, just use the good old DH key exchange thing. Could even use IPSEC for the actual encryption, no need to reinvent the wheel and add crypto to the VOIP protocols, just do those security associations when you setup a call.

    The downside is, that a MITM is possible to get the key, but that's pretty damn unlikely compared to people just sniffing and listening to your call or blindly injecting data to an existing one. From what information is available about Skype, it does something like this, I believe.

    But, designing horribly complicated systems that cover the corner cases seems to be the norm, and those get ignored due to complexity and thus everyone does the unencrypted thing in the end :(
    • As you imply, though, anonymous (no working PKI infrastructure (that you can trust)) DH will NOT protect you from MITM attacks. As others have mentioned, security agencies certainly can MITM you (hell, they can just tell Comcast or Verizon to give you DHCP pointing your DNS servers to ones they control). So can organized crime (read the post about 3rd-world hotels (Philippines) where they will use captive DNS servers to direct you to sophisticated phishing sites). Etc.

      Not to say that anonymous DH w/ SRTP
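The spoken-words check laptop006 describes for PGPfone, applied to the unauthenticated DH exchange discussed in this subthread, as an added example that is not part of any comment here and is not PGPfone's code. The modulus, the 16-word list and the names `Party`, `spoken_words` and `call` are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Demonstration group only (assumption): 2**521 - 1 is a Mersenne prime,
# picked so the example stays short. Real systems use a standardized group.
P = 2**521 - 1
G = 3

# Constructed 16-word list, 4 bits per word. Not PGPfone's actual word list.
WORDS = ["apple", "brick", "cedar", "delta", "ember", "flint", "grape", "hazel",
         "ivory", "jolly", "koala", "lemon", "mango", "noble", "olive", "pearl"]


class Party:
    """One endpoint of an unauthenticated Diffie-Hellman exchange."""

    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2   # in [2, P-2]
        self.public = pow(G, self._private, P)

    def shared_secret(self, peer_public):
        # Reject values that would force a trivial shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        return pow(peer_public, self._private, P)


def spoken_words(secret, count=4):
    """Map a shared secret to short words that both callers read aloud."""
    digest = hashlib.sha256(secret.to_bytes(66, "big")).digest()
    nibbles = []
    for byte in digest:
        nibbles += [byte >> 4, byte & 0x0F]
    return [WORDS[n] for n in nibbles[:count]]


def call(intercepted, count=4):
    """Set up one call; return the words each caller would read out."""
    alice, bob = Party(), Party()
    if not intercepted:
        a_secret = alice.shared_secret(bob.public)
        b_secret = bob.shared_secret(alice.public)
    else:
        # A relay in the path hands each caller its own public value, so each
        # leg ends up with a different key and the callers share none.
        leg_a, leg_b = Party(), Party()
        a_secret = alice.shared_secret(leg_a.public)
        b_secret = bob.shared_secret(leg_b.public)
    return spoken_words(a_secret, count), spoken_words(b_secret, count)


if __name__ == "__main__":
    for label, flag in (("direct", False), ("relayed", True)):
        a_words, b_words = call(flag)
        verdict = "match" if a_words == b_words else "MISMATCH: hang up"
        print(f"{label:8} alice={a_words} bob={b_words} -> {verdict}")
```

Four words carry only 16 bits, so a relayed call still matches by chance about once in 65,536 attempts; the check also depends on each caller recognizing the other's voice reading the words.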
  • So what? (Score:4, Interesting)

    by j-tull ( 201124 ) on Wednesday July 27, 2005 @09:13AM (#13175759)
    Since when have good old fashioned telephone systems been secure? I can't count the number of times I've picked up a neighbor's conversation from their cordless phone. Although I'll agree that the scope of the attack may be broader with VOIP (after all, my neighbor's phone only puts out enough power to be picked up within a certain proximity), I think an expectation of privacy on any current phone system is a flawed assumption at best.
  • by Sketch ( 2817 ) on Wednesday July 27, 2005 @09:31AM (#13175920) Homepage
    Considering I can walk up to 90% of the houses on the street, open up the phone box, and plug a lineman's handset (or anything else) into the phone line...how secure is the PSTN?

    If you think the PSTN is really secure, you might want to look through some old issues of 2600...
  • Folks, you have to remember that this article talks about the so-called nomadic VoIP services.

    I've been using VoIP for the better part of two years now, and it's maintained by my ISP. I run it over the Ethernet hookup I have, and as far as functionality is concerned I hardly notice the difference from POTS.

    Outages? I've had two. Once when my apartment lost power (thus the VoIP-box lost power) and once when some major link in my ISP's chain went down. As a matter of fact, I've had FEWER problems with VoIP th
  • To Be Banned (Score:2, Interesting)

    by duerra ( 684053 )

    I wonder how long it will be until things like VoIP encryption are illegal to implement on the user-to-user end. Once the government catches wind via some wacked-out organization, they're going to be pushing legislation to ban such products - all in the name of preventing terrorism, of course.

    Heck, my opinion is it's only because of the history of the open nature of computing that this industry is allowed to have encryptions like SSL where the government can't tap the line.

    And if you don't believe me, s

  • SIP/SSL? (Score:2, Interesting)

    by ajs318 ( 655362 )
    I would have thought the obvious solution would be something like SIP over SSL {which should be easy enough to set up, if Asterisk doesn't already have such a feature}, but maybe I'm missing something obvious about SSL that would preclude it.

    PGP-type encryption would be good {key servers, if you use them properly, are incredibly powerful: post your out-of-date private keys and now nothing you ever signed using any of them can be authenticated!}, but it isn't transparent.

    Whatever solution is adopted
  • Here's what I want:
    1. something that will work with existing SIP devices. I don't want to be tied to my computer to make a call.
    2. something that will encrypt each UDP packet separately, so voice robustness is not lessened. A single dropped encrypted packet shouldn't screw up the call any worse than a single dropped unencrypted packet.
    3. Something that will provide adequate security, but still run on something small and low-powered, such as a linksys wrt54gs router
    4. No significant latency...voip is already bad e
  • There's already an encryption spec for VOIP. Nobody seems to use it.

    I'd worry about the market for a new product when the demand has already been tested and found wanting.

    Then there's always the option of running your calls on a VPN, as several people have pointed out already. That's what I would suggest to a potential client in an initial consultation.
  • *sigh* (Score:3, Interesting)

    by matth ( 22742 ) on Wednesday July 27, 2005 @10:53AM (#13176683) Homepage
    VoIP is *more* secure than your PSTN... with the PSTN any doofis with a butt-set can climb the pole outside your house... or worse yet go OUTSIDE your house and tap into your line.

    With VoIP you have to actually be on the network.. and not just on the network.. but IN the packet stream.

    Hacker A who is on a server off the switch can't listen to your conversation... they would have to interrupt the packet stream flowing through the router.
  • VPN (Score:3, Interesting)

    by prisoner ( 133137 ) on Wednesday July 27, 2005 @11:01AM (#13176776)
    We work with a bunch of local phone vendors who always dictate that for site to site voip to be used, we need to set up a site to site VPN (or point to point circuit). It is my suspicion that they do this so that

    1. they don't have to be bothered with trying to figure out what ports to forward on the firewall and

    2. they have so much difficulty in troubleshooting their own systems that they love to blame everything on us.

    In any event, I picked up the new O'Reilly book on voip and they talk a lot about avoiding vpn as it creates lag. They also indicate that sending all of your QOS flagged traffic down a VPN tunnel eliminates the ability of the upstreams to "see" the QOS flags as they are encrypted. Anyone else have experience with this?
    • by jesup ( 8690 ) *
      VPN and VoIP: BAD

      If it's a TCP tunnel, you add really bad delay and jitter in response to packet loss.

      If it keeps UDP as a form of UDP (IPSEC might do this), you only lose the QOS flags plus any VPN-related delay (which may be non-trivial, or may be no worse than direct SRTP encryption).
  • This article http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=209 [acmqueue.com] covers the subject of VoIP security nicely
  • Patriot Actions (Score:2, Interesting)

    by Doc Ruby ( 173196 )
    "Who could blame him [Phil Zimmerman] for laying low for a while after the Justice Department launched a three-year criminal investigation of him in 1993? Officials accused him of violating a ban on exporting cryptography when he made PGP available for download on the internet. The government finally dropped its investigation in 1996."

    The Justice Department officials who "investigated" Zimmerman (persecuted him) set back the availability of privacy tech by at least half a decade, right when the Internet exp
  • ...Then create SSL VPN tunnels with OpenVPN (X509 PKI, TLS) between PBXs and enjoy.

    It's amazing what good design can do to improve security.

    "Oh you mean just setting up random SIP connections over the net is a bad idea?"
  • Voice Security (Score:2, Interesting)

    by caller9 ( 764851 )
    I care about security as much as the next guy but comparing POTS or even Centrex security to VoIP is ridiculous. What about physical security that many have mentioned? I want to maintain 99.999 without having to worry about some jagoff with a backhoe whether he is driven by some virulent strain of Islam or is just a stupid ass. Much less a single leaky capacitor that has no backup system in place. So far it seems that even above ground, in my area, the ISPs have put more into redundant paths than the PSTN.
