What Makes Your SIP Vulnerable to Attack
If you are using Session Initiated Protocol then your business could be at risk. So it is important to know what makes your SIP vulnerable to attack.
Session Initiated Protocol (SIP) came into the world over 20 years ago, as the Internet began to gain steam, and developers felt a need to fabricate a system which could connect people over it. Different groups put forth their ideas, and in 1996, a rudimentary version of SIP was used as a mechanism to invite people to a large-scale multi-point conference. Since IP telephony did not yet exist, the invitation went out over what was called the Internet Multi-cast Backbone (Mbone)I. It would take three more years for SIP to assume the shape it has today. In 1999, the International Engineering Task Force (IETF) established RFC 2546 as the SIP standard, a precursor of RFC 3261.
And then came VoIP
Many VoIP technology developers used SIP as their application layer and SIP soon became (and remains) one of the most important protocols. Unfortunately, hackers also love it. Statistics show that 51 percent of the security events analyzed in the past 12 months involved VoIP accounts. One of the reasons for this is that unlike H.323 and Cisco SCCP (its closest competitors), SIP is both an external and an internal protocol. Although internal hacks usually get more publicity, the external nature of SIP makes it especially vulnerable.
As a result, even 20 years after its inception, SIP security remains a challenging field. User concerns include:
- Authentication: Can users steal others’ identities?
- Integrity: Is the SIP message received the same SIP message that was sent?
- Confidentiality: Is someone else listening in on the SIP call setup?
- Non-repudiation: Can you trace callers?
So what makes your SIP vulnerable to attack
A commonly overlooked security measure
Despite these concerns, a good number of VoIP users overlook the basic security rule: Thou must use a strong password. Some fall prey to the temptation to go ahead and use their extension number as their password. And a frightening number go for a what-the-heck 1234. Sometimes it’s a matter of too many passwords to remember, but sometimes it’s also because the communications system fails to provide an easy way to update passwords. Easily hacked passwords are a virtual invitation to hackers and malicious intruders.
VoIP hacker schemes
Thankfully we’ve made giant steps in reducing the amount of spam in our email inboxes, but how about Spam Over Internet Telephony (SPIT)? Because SIP uses the same pipeline (so to speak) hackers can hijack it to not only flood consumers with unsolicited automated phone calls made from the Internet- provided addresses but also use it as a vehicle for identity theft.
Caller ID Spoofing
Because SIP routes calls along the same paths as Internet and network traffic, cybercriminals look for the same vulnerabilities in VoIP phone systems. Once vulnerabilities are found, they can intercept, capture, or modify the system for their own malicious intent. One method of doing this is caller ID spoofing.
This practice allows hackers to manipulate the system so that the phone displays a number other than the one which they are actually using. Objectives vary from hacker to hacker. Some may be trying to unearth information about the victim, while others have far more nefarious schemes in mind.
An investigation carried out this year found that certain insecurely configured VoIP phone systems allowed attackers to initiate, receive, and transfer calls, upload new firmware, play recordings, and even use victims’ devices for covert surveillance.
Denial of Service (DoS)
Hackers carry out distributed Denial of Service attacks in order to cripple organizations that rely on their phone systems. Hackers accomplish this by flooding the system with a continuous stream of junk calls from automated IP dialers.
Securing the exterior
And so while any company fears internal hacks, taking the following measures can help compensate for the external nature of SIP.
Strong passwords, including those used for endpoints, voicemail accounts, and servers.
Use encryption. VoIP calls travel across the Internet unencrypted, allowing malicious parties to intercept voice data packets, and record calls. Encryption should be enabled and configured between all endpoints and deployed for internal as well as external traffic.
Consider Using a Session Border Controller. Much like virus protection and firewalls protect PCs, a session border controller exerts controls over media streams and signaling involved in setting up, tearing down, and conducting phone calls.
Is you SIP vulnerable to attack? If so take our advice and don’t make some the most common internal security mistakes.