Outrageously shocking: More than 100 Cisco, Avaya and Nortel VoIP security holes discovered

VoIPshield - Think Your VoIP is Secure? Think Again
It is shocking and outrageous that there are more than 100 security holes in VoIP products from Cisco, Avaya and Nortel. The flaws were discovered by VoIP security solutions vendor VoIPshield, which revealed the vulnerabilities to the public today. Since VoIPshield Labs is continuously finding new vulnerabilities, they plan on monthly disclosures to VoIP equipment vendors followed by public disclosure. An interesting example of an identified Cisco VoIP vulnerability revealed today, is shown below:
Example of a Cisco VoIP Vulnerability
In the above example, a potential attacker exploiting the Cisco Unified Communication Manager (UCM) vulnerability related to its Disaster Recovery Network, could obtain full access to the UCM by getting the remote shell on the attacker's machine. Subsequently the attacker could either disable UCM completely, download all the information from UCM to the attacker's machine or upload an executable file to the UCM. Then the attacker could force all the Cisco softphones connected to this UCM to reboot and download that executable file. It could be a bot, Trojan or worm. Once the executable is downloaded and executed an attacker is able to have full access to the user’s laptop running the softphone. This scenario could be repeated when, for example, the user of the laptop connects to another UCM.

VoIPshield has been working with major VoIP vendors since last December. Following the terms of their Responsible Disclosure Policy, VoIPshield provided all of the VoIP vendors with detailed vulnerability descriptions and enough time to reproduce and respond to them. Different vendors responded in different ways – some of them accused VoIPshield of grandstanding, self-promotion and skirting the boundaries of ethical disclosure. But others, specifically Cisco Systems, responded in a professional manner and acknowledged the issues and is working with VoIPshield to resolve them.

Bogdan Materna
"Personally I was surprised that Cisco Systems, known for not being very forthcoming when their products are singled out because of security issues, was very professional and willing to work with us to solve these issues," said Bogdan Materna - Founder & CTO of VoIPshield. "It was nice to see."

There are over 1.2 billion landline and over 2 billion wireless phones (there are less than 1 billion PCs). They are all converging on common VoIP network infrastructure and becoming part of the Internet. But as we have seen in the early days of the Internet, security problems are being downplayed or outright ignored. Vendors are rushing to market with new applications and devices without proper security. Users are, in most cases, not aware that their new voice infrastructure brings serious security problems and exposures. There are simple ways of quickly assessing the security of VoIP networks, for example, by using VoIP Vulnerability Assessment tools such as VoIPauditLite, which VoIPshield makes available as a free download. And if you want to protect your VoIP infrastructure from these attacks, you may wish to think about deploying a VoIP Intrusion Prevention System (VIPS) such as VoIPguard. View VoIP Security Resources:

View dramatization of hacking into a financial institution's VoIP telephony system and see just how vulnerable enterprise VoIP systems really are:

If YOU were a sales executive with a Cisco reseller, would YOU get FIRED for bringing up VoIP security with a potential VoIP enterprise customer?

Contact Brad Reese

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.