Security Basics mailing list archives

Re: VoIP & Security Testing

From: SMiller () unimin com
Date: Fri, 13 Jun 2003 12:45:23 -0400

Have you looked in the Security Focus archives? There are 2 threads
(actually 1 broken thread) entitled "Voice over IP applications
vulnerabilities/attacks" from early this year. Try:
http://www.securityfocus.com/archive/96/2003-01-01/2003-01-07/1
A brief review indicates a host of article cites and other links to
information on this topic. Whether any of that relates specifically to your
Mitel vs. Cisco decision is an exercise left to the reader...

-Scott Miller

"Kirsty Still"

<kirsty_still@hot To: security-basics () securityfocus com

mail.com> cc:

Subject: VoIP & Security Testing

06/13/2003 07:40

Help! I am testing some Mitel 3300 VoIP hardware and software and spent
yesterday scanning the internet (through Yahoo) for any exploits in
software
revision: 3.3.12.1 and didn't have a lot of luck.
As an end user in the corporation with a normal touch tone phone on the
desk, (my voicemail box is locked down just to national calls only)....and
as a security consultant I not only wanted to see if Mitel's software was
buggy/exploitable, but also to see if users can 'break-out' of their
accounts and access others to dial internationally or whatever.

The reason behind this is, that my company is going to spend a lot of money

on this equipment rolling out nationwide. There are the odd few that do
have access to international calling (i.e: managers etc) but then
occassionally there are a few odd calls to places like Kenya etc (porn
lines). This costs the company a lot of money .. therefore if we are to go

ahead with Mitel I want to make sure that every security angle is covered
on
it.

My questions are:
1. Using DTMF tones (once logged into your own voicemail box) can you break

out of your account and access others?
2. Are there any known Mitel software problems?
3. If you can break out of your account, and the software is linked over
the
LAN/WAN can a attacker/hacker use wireless etc to his advantage? (we plan
on firewalling areas just in case so it can be protected if this does
happen).
4. Do you have any other useful info please?

I am no phone phreaker and I really can't be bothered to make blue
boxes/beige boxes as I think it's not necessary here .. what I am really
trying to do is determine these problems, write up a confidentail report
and
hand it to management (without scaring them!)... so they can make their
decsisions between Mitel and CISCO. I am planning on doing the same
testing
with CISCO products in our LAB too.

Kind Regards
Kirsty

_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today!
http://www.msn.co.uk/messenger

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

VoIP & Security Testing Kirsty Still (Jun 13)
- <Possible follow-ups>
- Re: VoIP & Security Testing SMiller (Jun 13)