Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy Your Rights Online

Bugging Catches Up To SIP Phones 70

SkiifGeek writes "After news at the end of last year that mobile phones could be remotely eavesdropped, and there being a long history of remote eavesdropping possible on normal telephones, it was only a matter of time until VoIP devices were found to be eavesdropable (whether intentionally or not). In the last week there have been several exploit code releases, and it seems that some vendors who chose to write their own SIP networking stacks are at risk of their devices being easily eavesdropped on."
This discussion has been archived. No new comments can be posted.

Bugging Catches Up To SIP Phones

Comments Filter:
  • by DamienMcKenna ( 181101 ) <damien@mc - k e nna.com> on Monday August 27, 2007 @08:13PM (#20378977)
    So why isn't there security implemented as standard? Come on, there are lots of perfectly good standards: SSL, TSL, SSH, etc.

    Damien
    • by temojen ( 678985 ) on Monday August 27, 2007 @08:22PM (#20379049) Journal
      Because SSL doesn't work for UDP and IPSec is hard to set up.
      • Because SSL doesn't work for UDP

        Excuse me? [openvpn.net]
        • by profplump ( 309017 ) <zach-slashjunk@kotlarek.com> on Monday August 27, 2007 @09:48PM (#20379675)
          You're excused. But SSL still doesn't work for UDP, at least not in any way that's useful for things like SIP.

          You can transmit UDP traffic through an SSL-wrapped tunnel, and you can transmit the SSL data using UDP packets, but since SSL is a stream chiper the other end still has to reassemble the enitre stream, in order before it can decrypt anything. And that in-order, no-lost-packets thing is the whole reason you decided against TCP in the first place -- you didn't want to stop the call for 0.5 seconds or more every time you dropped a single packet.

          And I'm not sure that OpenVPN uses SSL for UDP traffic anyway. The front page says "OpenVPN's security model is based on using SSL/TLS for session authentication and the IPSec ESP protocol for secure tunnel transport over UDP." Which reads to me like SSL is used to setup the tunnel, but that the tunnel itself uses IPSec.
          • by mpeg4codec ( 581587 ) on Monday August 27, 2007 @11:50PM (#20380513) Homepage
            SSL isn't any sort of cypher, it is a suite of crypto tools. The things people most often use it for are public key encryption [usually with RSA] and symmetric encryption. For the latter, an implementation may provide any number of block cyphers operating in various modes that effectively make them stream cyphers. For what it's worth, the only widely used strictly stream cypher is RC4 and I don't hear about it being used much outside of WEP/WPA (although SSL implementations do typically include it for completeness and backward compatibility).

            Unless it's changed drastically recently, OpenVPN uses SSL to encrypt each UDP packet. It uses one of SSL's block cyphers in a streaming manner and treats each packet as a distinct stream. That way, it can be decrypted independently of other packets and injected into the tun/tap device on the remote end.

            SRTP works in a similar manner, although you are correct in that it doesn't use SSL. Since UDP packets are meant to be semi-independent, both OpenVPN and SRTP have certain issues to handle, such as anti-replay measures and such, but both protocols define ways of handling this and are both quite secure in practise.
            • You're right, SSL isn't a chiper. It's a set of chipers and related algorithms inteaded to provide secure data streams. If we're going to be picky SSL is not a set of tools either. OpenSSL is a set of tools; SSL itself defines what those tools are expected to do.

              As for stream vs. block, you're right SSL supports block chipers. And they're even commonly used in things like HTTPS. But they all use CBC (Cipher Block Chaining). So while technically not stream chipers, they have the same limitation I was noting,
              • I suppose my understanding of OpenVPN must only be applicable to an older version in that case. I'll read into the source a bit more on that, but I do stand corrected.

                The whole idea of needing to get the entire stream to decrypt it is absolutely correct. However, it depends on what you define as the ``whole stream''. In the case of SRTP, they define each UDP packet as an entire, distinct stream. In fact, SRTP does not define usage with any stream cypher. The only cypher it allows in the spec is AES [a block
      • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Monday August 27, 2007 @08:50PM (#20379287) Homepage Journal
        IPSec, using opportunistic encryption, is trivial to set up. You set "opportunistic encryption" to enable. That's it. Alternatively, use Sun's SKIP protocol. Enskip for Linux has been out for a while and there are probably other implementations for it. I wonder if SSL and VPN would work over DCCP - that gives you the reliability whilst remaining UDP-like. So, overall, I don't see this as a particular issue. If people want encryption, they could have encryption. The problem is, people act as if they want to be bugged. Possibly so they have something to complain about. That's why the English mess up England so much. They needn't, they are extremely intelligent, but if they didn't have trains that wouldn't run on the "wrong type of snow" or when there are "leaves on the line", they'd run out of things to say.
        • If people want encryption, they could have encryption. The problem is, people act as if they want to be bugged. Possibly so they have something to complain about.
          But --

          Wh--

          **blinking and mouth dropping**
        • by ajs318 ( 655362 )

          The problem is, people act as if they want to be bugged.
          Mod parent up.

          People also act as if they want mobile phones to be dangerous. Every time a study says they are harmless, they immediately call for more research to try and find some way they might be harmful.
        • OK, I'll bite. As a Brit, I'm tempted to respond with an equally facile quip about the crumbling public infrastructure in the USA. Collapsing bridges spring to mind. Mind you, I choose to live in France, where the trains are excellent, so...

          Returning on topic, I'm not sure that the 'caveat emptor' analogy can be stretched so far. To what extent can we expect people to be tech-savvy enough to know that their device is 'insecure' by default, especially when the marketing hype is to make things 'easy to us
          • by jd ( 1658 )
            Oh, the US doesn't have an infrastructure, they just sprayed blacktop on the wagon trails and hoped nobody would notice. :) I'm also an expat, formerly of Stockport. Yes, a northerner. Not some Lancastrian or Yorkshire lad, but a true dyed-in-the-Goyt weirdo.

            There is no "right to privacy" in the US, or even a "reasonable expectation of privacy". Indeed, under European law, no EU country should permit the export of personal data to the US due to the lack of sane privacy laws or even sane accuracy laws. Unl

            • Hello JD, thanks for your long and thoughtful reply. Sorry it took me a while to respond - 'trouble at mill...' (shitstorm @ a client). Fixed now...

              There's several points in your post, but to boil it down, I'm not sure that I agree that mass protest is the legitimate and essential prerequisite for taking action on subjects of public interest. Bit of a cop out, eh? "Gazillions of people have not complained about our insecure-by-design product, so we'll do nothing..."

              You're right in practise, (just look a
    • Security from a consumer perspective would/could equal less control over the system for the system owner. Of course, if the consumer would/could take more responsibility for parts of the system (code/encryption/3rd party devices) then they cold ensure more security.

      I figure it comes down to cost, and to most consumers that added cost (money/time/self education) is simply too high to justify for the small security benefit.
      • Comment removed based on user account deletion
        • I don't quite understand how more security options would equate to less control for the system owner in such a way that it would matter to the owner. Never underestimate the small (very large actually) benefit of encryption.

          If you (and others) had more options to choose from, then you (and others) might not purchase the solutions offered by the system owner. As for encryption, I share your value of it, but most consumers do not, and will not until something bad happens to them (Death Threats [thenewstribune.com]).

      • Aren't the manufacturers of these devices required to build in this support so the FBI can listen in to all our calls.

        Otherwise, the terrorists win!
        • Re: (Score:1, Informative)

          by Anonymous Coward
          I do not know if companies have standards like that to comply with (i'm not ruling that out) but having had some experience with the Air Force's OSI, I happen to know that any cell phone thats powered on is a potential listening device and it has been that way long before the patriot act. Not that people were arbitrarily spied on , the OSI only deals with Air Force personell and most civillian rights are waived upon enlistment.

          Although VOIP is completely different, I'm not suprised at all that if someone wa
    • by wolrahnaes ( 632574 ) <sean AT seanharlow DOT info> on Monday August 27, 2007 @08:43PM (#20379211) Homepage Journal
      There is. [wikipedia.org]

      Anyways, this has nothing to do with standards, this is all badly implemented software.

      SIP uses Digest authentication by default and can be encrypted, RTP can be encrypted, the protocols are secure. Just because Cisco (and apparently Grandstream) don't seem to be able to implement them right (though amusingly enough I just tested both of the Cisco 79x0 exploits against a few 7940s in my office running the 7.4 firmware and they weren't affected, so it's a newly introduced bug).
      • Here's a thought that has been "bugging" me (lol) for a while.

        If the US had allowed encryption to be freely used on the net (PGP, https, etc), all of us would be using https to read our e-mail, post on forums, etc.

        And encryption would be taken for granted. If a company neglected to use encryption in phones, it would come to the news and this would be called "The bug-gate".

        But thanks to homeland security (and US trading laws), people have been slowly forced into using insecure channels for everything.
        Isn't this ironic?
        • by blhack ( 921171 ) *
          What the hell are you talking about? Those of us that want to use encryption do. Reading things like slashdot in encrypted form is overkill (and undue overhead for the servers).

          Was this an extreme failure attempt at funny that a bunch of confused ./ mods thought was insightful or what?
        • Uhhh, not really (Score:5, Insightful)

          by Sycraft-fu ( 314770 ) on Monday August 27, 2007 @10:04PM (#20379809)
          The problem with encryption uptake is way more than just governmental. I mean the US's export restrictions never did much, there was strong crypto available from outside sources. The more important reasons for lack of crypto uptake:

          1) The speed. These days, it has gotten to the point that encryption is pretty much trivial. We have better algorithms that are faster to do in software, and processors have gotten many times faster. This was not true in the mid 90s when the Internet started to take off. Encryption was a large hit, especially on a server. Thus you didn't use it unless there was a good reason.

          2) Convenience. Encryption is harder to use than not. In the case of something like a website, it means getting a certificate. Yes, you can just generate your own, but then web browsers cry. In the case of e-mail it means you have to have a way of distributing and checking keys and such. With unencrypted e-mail you just send someone a message, with encrypted e-mail there are a number of additional steps, especially if you want to make sure you really are doing it securely.

          3) Lack of a reason. When the Internet was getting going there just wasn't really a reason to use encryption. There wasn't the problem with hackers and shit there is today. I mean in its origins, it was just a research network connecting select institutions with a few users. If you had problems, you could probably just call the guy that was causing them. Nobody really saw a need to encrypt it. Likewise, when consumers first started getting in to it it was mostly just a playtoy. You weren't conducting business over it so who gives a shit if someone sees what you are doing?

          We are now seeing a rise in encryption because there IS a reason, and computers don't have much trouble handling it. However it'll still probably never be totally pervasive because that's a pain and useless. I mean what good would it do to have Slashdot go over SSL? It's all public. You could intercept this post in transit, or you could wait 2 seconds and just read it. Likewise until someone comes up with a good method for e-mail encryption that is both secure and no more effort than what we've got now, it isn't going to happen on a wide scale.

          While I'm sure the US government's export regulations didn't help, to peg that as the cause is just wrong.
          • I mean what good would it do to have Slashdot go over SSL? It's all public. You could intercept this post in transit, or you could wait 2 seconds and just read it.

            I will agree that encryption Slashdot seems a bit extraneous, but using HTTPS would be meaningful. An HTTP connection can be easily man-in-the-middle attacked if you have access to the connection between the client and the server, which, admittedly, is not a trivial conditional to fulfill. Such an attack would allow someone to hijack you session and... post flamebait to drive down your karma... Yeah. That really does not sound very serious, but it is something.

            • It would be nice if slashdot supported ssl even if it was just a self signed cert I would be happy to memorise it. The number of times I have wanted to log on and I know the guy sitting next to me is sniffing my traffic and then I have to route it through ssh to my server is really annoying.
          • Re: (Score:1, Interesting)

            by Anonymous Coward
            That's very shortsighted. Knowing which articles my team is reading and commenting on (not just "something on /." which is all TLS gives away) is pretty close to telepathy. Web searches are even more important. Almost every company I've ever worked for paid a bonded service to shred my printouts, and those don't give competitors nearly as much insight into my current work.
        • by willb ( 34706 )
          It is Orwellian doublespeak. Orwell did not get the year right, but the direction is correct. At the current rate it will be around 2024 rather than 1984. I wonder what name Big Brother will have...
        • Re: (Score:1, Insightful)

          by Anonymous Coward
          The central issue with encryption is 'trust' .. Without trust relationships all encryption regardless of how cool it may be is *USELESS* IE subject to trivial MITM.

          The problem with trust is that its very hard and very expensive to do correctly on a large scale. This is why secure sites pay hundreds of dollars a year for their SSL certs which everyone **trusts** is spent to verify the sanity of those the certs are being issued to rather than going into new Yachts and Fusion powered golf carts.

          PGP signing pa
        • Public? Forum? Did you get that, Joe?

          No we wouldn't. Encryption would needlessly create overhead for menial tasks such as reading e-mail and posting on forums.

          Media-level encryption on posts going to a public forum is pointless. Security should only be invoked when absolutely needed.
        • People have not been forced into using insecure channels for everything, unless you consider a land-line as secure.

          Go rent Lethal Weapon and look at the phone that Murtock was using when he calls the shrink. The things as big as an ammo can. Do you think that thing had any encryption?

          Your post wasn't ironic, it was just stupid.
    • Re: (Score:1, Troll)

      by jddj ( 1085169 )

      Howsabout Phil Zimmerman's zfone [zfoneproject.com]?

      <grammarnazi>
      note to editors: A sentence is a lousy thing to hang a preposition on the end of

      </grammarnazi>
    • That would be good, but it would only help against the threat of someone eavesdropping on your phone calls. The article was about something scarier, namely turning your phone into a room bug transmitting audio to the attacker while the phone looks like it's not in use.
      • Encryption can help against some attacks, but this is partly an authentication / permission issue (who do you accept calls from and when? SIP is peer-to-peer with proxies, and you might want your PBX to be doing presence management and voicemail handling for you, etc.), and partly a user interface design problem (the phone received a call, didn't ring the ringer, and didn't ask for user permission before answering? Yikes! Who let that through the feature definitions phase?) It's one think to have the *u
    • by Akatosh ( 80189 )
      > Why no security as standard?

      CALEA compliance.
    • by Jeruvy ( 1045694 ) *

      So why isn't there security implemented as standard? Come on, there are lots of perfectly good standards: SSL, TSL, SSH, etc.

      Damien
      There are actually no good implementations ATM. Many are looking into just such an appliance, but implementation as a standard may take so many years, we may just evolve around it.
  • by EmbeddedJanitor ( 597831 ) on Monday August 27, 2007 @08:20PM (#20379035)
    Its a way to explain why phones don't live up to their advertised battery life.

    But think of the situations where you have to turn a cell phone off for safety reasons: hospitals, gas stations, planes. Activating a cell phopn'e transmitter is not always a good idea.

    • by jdogalt ( 961241 )
      I wonder how much the feds paid apple to make the battery in the iphone non-removable? (blatant troll... yes I know removing the battery casing is a legitimate benefit)
    • Re: (Score:3, Interesting)

      Comment removed based on user account deletion
      • by mikiN ( 75494 )
        For my reply, I'll let my .sig do the talking...
      • by caluml ( 551744 )
        Symbian doesn't allow squat to get installed without a series of confirmation dialogs

        Unless it's signed by the network operator, or, gasp, the phone manufacturer.
        You're telling me that you don't think it likely that Nokia (for example) wouldn't sign an app that installed, and ran without any prompts at the behest of a national security agency? You're crazy. It's probably written into contracts for legal intercept.
  • voipong (Score:4, Informative)

    by Cytlid ( 95255 ) on Monday August 27, 2007 @08:31PM (#20379125)
    I was part of a few voip beta tests a few years ago both for places I've worked and competitors. I installed this program, and it worked well. It's like a sip packet sniffer. So this is really nothing new.
  • Zfone? (Score:5, Interesting)

    by hedley ( 8715 ) <hedley@pacbell.net> on Monday August 27, 2007 @08:44PM (#20379219) Homepage Journal
    Should VoIP users consider using Phil Zimmermans Z-fone? possibly a bit more secure than what we have now
    I would wager.

    http://zfoneproject.com/ [zfoneproject.com]
  • by drspliff ( 652992 ) on Monday August 27, 2007 @08:46PM (#20379251)
    Disclaimer: I work for a VoIP company.

    One of the main problems if you're really paranoid is that there is no standard for encryption of SIP calls or RTP streams. There are viable options such as SSL for SIP sessions over TCP then using libZRTP (from the ZFone people) - but it's non free and non-standard.

    Consider this, you use WiFI roaming on your phone and route calls over SIP whenever possible because it's free, combine this with off the shelf tools (like Oreka) and you can easily record both sides of all VoIP calls on your base station.

    iirc on the 3G and GSM side of things there are open standard for encryption that all devices support, but normal SIP phones and software (e.g. PSTN gateways, application servers) are all lagigng behind.

    I've done research into developing encrypted RTP protocols with no bandwidth overheads, but haven't had the time to implement much of it yet, although when I do finally get round to it it'd probably end up as a commercial project and would be trying to standardise it unless there was a business case for it (not my domain).

    A bit of a tangent and not really a direct comment on the article (buggy sip stacks), but I'm just thinking of the bigger issues here.
    • by muonzoo ( 106581 ) on Monday August 27, 2007 @08:53PM (#20379311)
      Somehow you didn't notice section 26 of RFC 3261 [ietf.org] or RFC 3711 [ietf.org]?
      There are many interoperable, secure SIP devices -- the industry chooses not to deploy them for a variety of reasons, some good, some bad.
      • Re: (Score:3, Interesting)

        by badfish99 ( 826052 )
        the industry chooses not to deploy them
        Which is the whole problem. Section 26 of RFC3261 is entitled "Security Usage Recommendations" and describes a variety of security mechanisms that implementors may (or may not) choose to use.
        If I am in control of both ends of the SIP conversation, I can arrange things so that it is secure. But if I just call some random person on a SIP phone, it look like I've got no guarantee that the two ends will negotiate any sort of encryption, and if they do not, there is no
    • How would you do this? I'm imagining a scheme were the phone speaks to a VOIP server using encrypted data, and there server relays that data unencrypted to the PSTN, or encrypted to another VOIP server.
      • When you're terminating with a PSTN service, it would be decrypted by the PSTN termination server and passed onto the PSTN, however all data between the user and the SIPPSTN server would be encypted.

        The same applies calls between users, just like you negotiate codecs, the higest priority codec would be the encrypted one - so if available both sides use the encrypted codec, otherwise they fall back to AMR or G729 etc.
    • by jesup ( 8690 ) *
      The problem isn't *no* standards for encryption with SIP; the problem is *too many* ways. Not really the actual data encryption, but the ways for exchanging keys. Someone did a matrix for an IETF meeting a year or so ago; there were something like 15+ methods, mostly incompatible, all with different side-effects on early media, conferencing, forking (having multiple phones ring), processing overhead, etc, etc. And there's no agreement on them. People are trying, however. For the data encryption, mostly
  • TLS!! (Score:2, Interesting)

    by whardier ( 1148463 )
    Many phones and PBX's support SRTP by using TLS. This is still a huge privacy issue for most people, however encryption fixes privacy issues with most network tapping systems. You guys having a hard time with Comcast and BitTorrent? YOu can use IPSEC to get around a lot of that, or LogMeIn/Hamachi. If torrent sites existed in Hamachi networks (why not?) which is purely P2P as well as free and encrypted then you can go about your business with 802.3 segments encrypted and sent over completely dynamic IP
    • by mikiN ( 75494 )
      Isn't the free version of LogMeIn a 'hosted' service? Or: who is watching over your shoulder?
      • There is a public server that helps link P2P nodes together, however the data itself is encrypted between p2p peers only. Its quite secure, the only thing the server knows is the IP address your client responds to, the same goes for any node connected to that specific hamachi network. There is no evil eye.

        The concept behind Hamachi and LogMeIn is incredibly simple. Connect to server, punch hole in NAT, look for local peers, use server to negotiate issues with p2p connections, connections between each pee
  • Whitenoise (Score:1, Funny)

    by jlebrech ( 810586 )
    Everyone should add some whitenoise to their conversation.

    Just replace the words "mother" with "dealer", "holiday" with "bank job", "tv" with "nuke", any "john" with "osama", "cook" with assasinate.

    That way, they wont be able to dicypher the real from the fake.
    Then again someone should try it first.

    Let me know how it goes, and I will start doing this.
  • With all of the wiretapping/easedropping going on in the US these days, I am looking for a mobile solution. ISPs and Telecom companies are now being directed by the government to keep these backdoors open for them to be able to listen in on communications.

    There has to be a way to get a secure/encrypted communication on a mobile device. I am thinking of VoIP on a mobile phone using service providers internet connection or if you are in Wifi range then use that. The idea is to create a system that secures wir

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...