Check Point Reference: | SBP-2008-15 |
Date Published: | 20 Jan 2010 |
Severity: | Medium |
Last Updated: | Tuesday 01 January, 2008 |
Source: | IPS Research Center |
Protection Provided by: | |
Who is Vulnerable? | SIP VoIP Systems |
Vulnerability Description | The Session Initiation Protocol (SIP) is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. The modification can involve changing addresses or ports, inviting more participants, adding or deleting media streams, etc. Other feasible application examples include video conferencing, streaming multimedia distribution, instant messaging, presence information and online games. VoIP opens voice communications to the same kinds of security threats that imperil data communications. Attacks on data communications can come through the IP voice infrastructure and vice versa. Denial of service attacks targeting weak VoIP elements could flood the network with voice traffic, degrading network performance or shutting down both voice and data communications. Hacked-into gateways might be used to make unauthorized free telephone calls. Unprotected voice communications might be intercepted and stolen or corrupted. Voice packets can be sniffed out and listened to in real time. PC-based soft phones are vulnerable to eavesdropping if the PC is infected with a Trojan horse that snoops into LAN traffic. Voicemail can be redirected to "ghost" mailboxes. |
Vulnerability Details | Hackers can attack SIP VoIP systems with different denial of service attacks blocking legitimate services, perform a denial of service attack on the entire network, sniff sensitive data and in some cases, even launch IP bounce attacks, traversing traditional security gateways, gaining complete control over the VoIP enabled system as well as the entire network. The most common threats include: * Call hijacking. Calls intended for one receiver are redirected to someone else. At best hijacked calls are a disruptive nuisance; at worst they can steal valuable sensitive information. * Fooled billing. For example, fake BYE and OK messages exchanged over the SIP signaling path appear to terminate a call and billing is stopped, while the media path actually remains open. Undetected, these attacks can rob an organization of considerable revenue. * Denial of Service attacks. The attacker mimics caller identities and cancels pending SIP INVITE requests. The result: an organization's phone system is effectively shut down. |