Report: Attackers Can Hide Behind VoIP

By Ed Oswald | Published January 26, 2006, 6:01 PM

Security researchers with the Communications Research Network (CRN) said they have discovered loopholes within VoIP applications like Skype and Vonage that could give hackers a way of covering their tracks. Attackers could hide behind VoIP because the data streams sent by these applications are continuous.

CRN is a joint venture between the Massachusetts Institute of Technology and Cambridge University. The group said it had not yet heard of attackers using the technique, but that it would likely not be much longer before that happens.

VoIP is especially useful for covering up denial of service (DoS) attacks, CRN explained. In a DoS attack, hundreds or even thousands of "zombie" computers infected with malicious software transmit large amounts of traffic in a short period of time, all aimed at a particular server. The goal is to overload the server and cause it to lock up or shut down.

The proprietary software that ensures Internet phone calls cannot be blocked by ISPs or firewalls also makes it impossible to trace the VoIP call. Traditionally, attackers have used instant messaging protocols to launch such an attack.

"While these security measures are in many ways positive, they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks," CRN's Jon Crowcroft said.

Furthermore, if VoIP begins to be used as a method for Internet attacks, Crowcroft said it could threaten the nascent industry and drive most users away. He suggested that companies should work together and make their products utilize routing specifications based on open standards.

CRN is pushing for a central reporting system for DoS attacks. Currently, most organizations are underreporting attacks out of a fear that revealing them may undermine customer confidence. This database should be anonymous, CRN says, thereby allowing the communications industry to assess the scale of the problem and identify patterns of attack.

"It's important to remember that there are more of us good guys than there are bad guys," said CRN chairman David Cleevely. "The more we share information between us, the more we stay ahead of the game."

Comments

Does this mean someone can make a P2P app that uses this and lets people download mp3s and movies without fear?

Score: 0

The point here (valid one at that) is that proprietary and closed source messaging protocols used for PC-based VoIP applications can help to mask zombie control signals and other attacks. In corporate networks this is not an issue because it is simple to do egress filtering and intrusion detection that blocks all but known legitimate traffic...most larger companies are doing this now.

In small/med companies and in residential ISPs this is more troublesome and could eventually lead to some blocking as ISPs try to keep their networks running in the face of increasing non-standard traffic. We already know that the telco-ISPs will de-prioritize competitors' VoIP traffic. Blocking it for the sake of "security" is not completely out of the question if they think they can get away with it. Pretty sad if we have to encrypt and mask traffic from our own ISP but it may come to that.

Score: 0

Oh Noes! VoIP = Bad!!

Way for CRN to come off sounding like a FUD machine for the telcos...

Here's hoping I'm wrong.

Score: 0
