It's possible to "kill" Asterisk by sending a modified "REGISTER" packet to SIP port 5060. There is some software on the net to demonstrate this effect.
All our phoneCUBE systems which have SIP clients connecting must be updated (especially phoneCUBE rental).
Official Comment:
The Asterisk and Zaptel development teams have released Asterisk 1.2.16.
This release contains a number of bug fixes, including a fix for a recently discovered security vulnerability. All Asterisk 1.2 users are urged to update to this release as soon as possible.
Contact me if you need to know more.
Cheers
Daniel

The inventor of PGP did it again. He is the driving force behind the new ZRTP protocol.
With ZRTP we are able to encrypt SIP phone calls!! No one can listen in on your calls anymore....
The solution is distributed as an SDK (software development kit) and as a SIP phone (Zfone).
The ZRTP protocol used by Zfone will soon be integrated into many standalone secure VoIP clients, but today we have a software product that lets you turn your existing VoIP client into a secure phone. The current Zfone software runs in the Internet Protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. You can use a variety of different software VoIP clients to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets. It has its own little separate GUI, telling the user if the call is secure. It's as if Zfone were a "bump on the wire", sitting between the VoIP client and the Internet. Think of it as a bump in the protocol stack.
Website: zfoneproject
I will test the Zfone with phoneCUBE in the next couple of days.
Regards
Daniel
Cisco confirmed various security issues in its products. Some of the IP telephones allow any user to access the administration interface of the phones, and some models even have a hardcoded user with a well-known password.
On the Cisco Unified IP Conference Station 7935 and 7936 anyone can access the admin interface directly without username and password, just directly key in the URL in the browser...
The IP phones 7906G, 7911G, 7941G, 7970G and 7971G can be accessed via SSH with a hardcoded username and password.
If you are on a phone with admin rights you can do all sorts of attacks or even bring the whole VoIP network down.
Cisco announced that the patches will be ready soon!
Links:
Cisco Unified IP Conference Station and IP Phone Vulnerabilities, Security Messages from Cisco.
Multiple Vulnerabilities in 802.1X Supplicant, Error Messages from Cisco
Cheers
Daniel
Our Sanjay posted a link to an interesting white paper in our MCSB-Forum which covers current VoIP security issues and countermeasures.
The link: VoIP-Issues and Countermeasures
Regards
Daniel
If you need an easy to use "network-sniffing" tool to do a basic security assessment of our clients' infrastructure, Cain & Abel can be of great help.
What can you do with it?
- Password recovery tool for Microsoft Operating Systems
- cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks
- recording VoIP conversations
- decoding scrambled passwords
- recovering wireless network keys
- revealing mailbox passwords
- uncovering cached passwords and analyzing routing protocols.
Cain & Abel has been developed in the hope that it will be useful for network administrators, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons.
Download: Cain & Abel (Windows NT/2000/XP)
Enjoy and be ethical!!
Cheers
Daniel