VoIP tools: attacks could increase threat

While Voice over Internet Protocol (VoIP) security may not be the highest priority for many IT security professionals or network administrators, experts are warning that the threat to VoIP communications is increasing.

Patrick Park, network engineer at Cisco and author of Voice over IP Security, said attackers have many different methods and tools for manipulating and intercepting VoIP communications.

A common distributed denial-of-service (DDoS) attack could cripple a company for hours, but more sophisticated methods exist, Park said. Eavesdropping techniques, call pattern tracking, data mining and data alteration are among the more sophisticated threats to voice and video used in the workplace.

Park, who worked previously as a VoIP security engineer at a VoIP service provider, said he once monitored a VoIP attack originating from Jamaica that eventually overwhelmed the company servers and caused a service blackout for more than an hour. While DDoS attacks are the most common and least sophisticated, more savvy attacks are possible as the threat rises from insiders who have more networking knowledge.

“It’s not happening often, but whenever it happens the impact is very serious,” Park said. “Whenever servers are compromised or some network is affected, the impact is very serious and that’s the biggest problem.”

Using sophisticated software, an attacker also has the ability to alter messages or media after intercepting them in the network, Park said. The attack could be used as part of a corporate espionage scheme, but it takes more work because a person must know specific information about the network traffic.

“An attacker can see the entire signaling and media stream between endpoints at the intermediary, injecting or replacing data,” Park said.

While some attacks are increasing in sophistication, some VoIP security tools automate the process and could be used by an attacker, said Dan York, chief technology officer of VoIP vendor Voxeo Corp. and member of the Voice over IP Security Alliance (VOIPSA).

“Tools bring VoIP attacks into script kiddie land,” York said. “Some that will make it as easy as capturing all IP strings out there and putting them into mp3 files.”

A program called SIPtap, created by UK-based VoIP expert Peter Cox, can monitor multiple VoIP call streams, record them and turn them into .wav files. UCSniff, developed by Jason Ostrom, provides a number of tools to assess the security of VoIP calls. The software package has several tools that could be used by an attacker to eavesdrop on calls.

Still, York said until VoIP yields a profit for attackers, the threat is minimal. As more companies add VoIP to their call centers, the threat level could rise, he said.

“We’ll be seeing more and more people doing interconnection in the next three to five years and that’s when it could get interesting,” York said.

Most people worry about eavesdropping, but listening in on a phone conversation is difficult, Park said. Although tools that can sniff packets are available to attackers, Park said, an attacker would need to have the tool located in the same broadcast domain as the IP phone or would need to be on the same media path. Media packets are often encrypted, making intercepted packets useless, he said. The other option for an attacker is to compromise an access device, such as a switch or router, and forward or duplicate the media packets to a capture device.

“Most VoIP service providers use encryption, either signal or media encryption,” Park said. “End-to-end full encryption is the most common way to provide message confidentiality and integrity between communication end points.”