Fatih Ozavci - VoIP Wars: Attack of the Cisco Phones - a podcast by DEF CON

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Ozavci/DEFCON-22-Fatih-Ozavci-VoIP-Wars-Attack-of-the-Cisco-Phones-UPDATED.pdf

VoIP Wars: Attack of the Cisco Phones

Fatih Ozavci SENIOR SECURITY CONSULTANT, SENSE OF SECURITY

Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. These Cisco hosted VoIP implementations are very similar; they have Cisco Unified Communication services, SIP protocol for IP Phones of tenants, common conference solutions, Skinny protocol for compliance, generic RTP implementation, VOSS Solutions product family for management services for tenants. Cisco hosted VoIP implementations are vulnerable to many attacks, including:

VLAN attacks

SIP trust hacking

Skinny based signalling attacks

Bypassing authentication and authorisation

Call spoofing

Eavesdropping

Attacks against IP Phone management services

Web based vulnerabilities of the products

The presentation covers Skinny and SIP signalling attacks, 0day bypass technique for call spoofing and billing bypass, LAN attacks against supportive services for IP Phones, practical 0day attacks against IP Phone management and tenant services. Attacking Cisco VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the presenter). It has a dozen modules to test trust hacking issues, signalling attacks against SIP services and Skinny services, gaining unauthorised access, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a penetration testing environment and full integration. The presentation contains live demonstration of practical VoIP attacks and usage of new Viproy modules.

Fatih Ozavci is a Security Researcher and Senior Consultant with Sense of Security. He is the author of the Viproy VoIP Penetration and Exploitation Testing Kit and MBFuzzer Mobile Application MITM Fuzzer tool, he has also published a paper about Hacking SIP Trust Relationships. Fatih has discovered many unknown security vulnerabilities and design and protocol flaws in VoIP environments for his customers, and analyses VoIP design and implementation flaws which help to improve VoIP infrastructures. Additionally, he has completed numerous mobile application penetration testing services including but not limited to reverse engineering of mobile applications, exploiting mobile services level vulnerabilities, attacking data transporting and storing features of mobile applications. His current researches are based on attacking mobile VoIP clients, VoIP service level vulnerabilities, web based VoIP and video conference systems, decrypting custom mobile application protocols and MITM attacks for mobile applications. While Fatih is passionate about VoIP penetration testing, mobile application testing and IPTV testing, he is also well versed at network penetration testing, web application testing, reverse engineering, fuzzing and exploit development. Fatih presented his VoIP research and tool in 2013 at DEF CON 21 (USA), Blackhat Arsenal USA 2013, Cluecon 2013 (USA), Athcon 2013 (Greece), and Ruxcon 2013. Also Fatih will present 2 training sessions at Auscert 2014 as well, "Next Generation Attacks and Countermeasures for VoIP" and "Penetration Testing of Mobile Applications and Services".

http://viproy.com/fozavci/

http://fozavci.blogspot.com/

http://tr.linkedin.com/pub/fatih-ozavci/54/a71/a94

https://twitter.com/fozavci

http://packetstormsecurity.com/files/author/5820

http://www.exploit-db.com/author/?a=5425

http://www.github.com/fozavci

Further episodes of DEF CON 22 [Materials] Speeches from the Hacker Convention.

Further podcasts by DEF CON

Website of DEF CON