VoIP Pen-Testing

By -


Voice over Internet Protocol (VoIP), also known as IP telephony, is a technique for the delivery of voice communications & multimedia sessions over IP networks. In other words, It is a technology that converts your voice into a digital signal which allows you to make a call straight from a computer or any other data-driven devices. However, in most VoIP environments, It is possible to classify the IP phones by their SNMP signature.

 VoIP Risks and Vulnerabilities:

a) Reconnaissance Attacks
    Gathers information about network vulnerabilities and the behavior of network devices and                   services.

b) Call Hijacking and Redirection
     Call intended for one user is redirected to a different user.

c) Protocol Fuzzing
     Test the software system for bugs and sees what it's response will be.

d) Denial of Service (VoIP Spam)
     Spamming the network with large number of unsystematic messages.

e) Session Anomalies
     Improper arrangement of received messages.

f) Eavesdropping
     Unauthorized interception of RTP (Real-Time Protocol) media streams & voice packets.





 Techniques applied in VoIP Penetration Testing:

1) Test for Eavesdropping
     Decode signaling messages in RTP (Real-Time Protocol) media streams or voice packets.

2) Test for Logic Attacks and Flooding
     2.1) Use the flooding techniques such as SIP (Session Initiation Protocol) Invite or Register                         Packets to overload the devices with VoIP protocol packets.
     2.2) The TCP Synchronization Flood exploits the working of the TCP connection process.

3) Test for Call Hijacking and Redirection Attack
     3.1) Manipulate the registration related to the victim SIP URI.
     3.2) Check for the 3xx Response Code classes  to redirect the victim's call.

4) Test for ICMP Ping Sweeps
     4.1) Indentify the active hosts by sending ICMP ECHO REQUEST packets or send REPLAY                    packets for the same if  in case ICMP is blocked by the firewall.

5) Test for SNMP Sweeps
     5.1) Take the advantage of  Public Community Strings to gather sensitive information.

6) TCP SYN Scan
     6.1) Send a TCP SYN packet to a specific port to establish TCP connection.
     6.2) SYN/ACK Flagged response packet indicates that the port is open.
     6.3) RTP packet indicates a closed packet.

7) Tests for SIP User/Enumeration
    7.1) It provides a valid user names and extensions of SIP phones.
    7.2) Easy way to gain the user's registration.

8) Test for Enumerating and Sniffing TFTP Servers
    8.1) Locate the server within the network.
    8.2) It can be done by reading the TFTP Server IP address from the web-based configuration.

9) SNMP Enumeration
    9.1) Provides Config. Information such as Vendor Type, OS, MAC Address & Open Ports.

10) Test for Number Harvesting and Call Pattern Tracking
       10.1) An effortless to do this is to sniff all the SIP traffic on TCP/UDP port 5060 and analyse                        the ' From: ' & ' To: ' header fields.



 VoIP Pen-Testing Tools:

 1) Wireshark & VoIPong (Sniffing)
2) SNScan, Nessus & Nmap (VoIP scanning)
3) SipRogue & IAXAuthJack (VoIP Signaling Manipulation)
4) VoIPER & Ohrwurm (VoIP Fuzzing Tools)


 Recommendations:

 1) Maintain current patch levels.
2) Run VoIP traffic on VPN's.
3) Apply encryption selectively
4) Enforce SIP security.
5) Use IDP systems.
6) Install application-layer gateways between internal & external zones.
7) Use VLANs to protect voice traffic.
8) Maintain confidentiality for calls and voice.
9) Ensure proper security for voice gateway system and PSTN.
10) Design & develop appropriate network architecture.
11) Make sure that the VoIP security system can track back the communication ports.

Comments

Post a Comment

Popular posts from this blog

Report Suggests Apple iPhone XI to sport Long Distance 3D Camera Calling support.

By -
Image
The next gen camera technology has been in talks for some time now and Sony has been burning night hours in making it ready for mass productions. According to talk between Sony and BloombergQuint, The Sony will be soon be boosting their 3D Camera sensors after getting positive response from the customers and positive response from the market. The Apple Inc. is one of their customers. This new tech may result in huge improvements and a revolution in the smartphone photography. Some rumours also suggest that the Apple is planning to implement augmented reality features to its future Flagships and the future flagships may come with tri-camera setup. And from the rumours one can anticipate that these new camera features will be used to draw potential customer in the year 2019 by Apple Inc.  But the plans may or may not succeed as the most awaited and most anticipated feature the market has been waiting for the year 2019 is the smartphones and flagships with 5G connect...
Read more

Hack WPA/WPA2 WPS Wifi Hack

By -
Image
When it was known that a WEP network could be hacked by any kid with a laptop and a network connection (using easy peasy tutorials like those on our blog), the security guys did succeed in making a much more robust security measure WPA/WPA2. Now hacking WPA/WPA2 is a very tedious job in most cases. A dictionary attack may take days, and still might not succeed. Also, good dictionaries are huge. An exhaustive bruteforce including all the alphabets (uppercase lowercase) and numbers, may take years, depending on password length. Rainbow tables are known to speed things up, by completing a part of the guessing job beforehand, but the output rainbow table that needs to be downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the security folks were at peace. But it was not over yet, as the new WPA technology was not at all easy for the users to configure. With this in mind, a new security measure was introduced to compliment WPA. Wifi Protected Set...
Read more

Affordable Galaxy Home Smart Speakers from Samsung Powered by Bixby

By -
Image
Image Credit: Samsung Recently Samsung introduced their Galaxy Home Smart Speakers powered by Bixby Assistant from Samsung and it is yet to hit the market, but rumours about them planning an affordable version of the speakers which will also be powered by their voice assistant Bixby. Although the full specification of the speaker is not yet known it is expected to have less features being the affordable one than the pricier one i.e. the Galaxy Home Smart Speakers. This could most likely be their strategy as the Galaxy Home Speaker may compete with the Apple HomePod which cost somewhere around 349 USD but for Samsung to compete with more affordable speakers available in the market like Google Home and Amazon Echo which are available at less than 200 USD or so they had to take this approach. Even though the launch Is not yet confirmed, for Samsung to be able to compete in this niche they will have to focus on the potential customers who opt for more affordable kind of appro...
Read more