Lack of understanding of modern VoIP and UC security, means that many service providers and businesses are leaving themselves at risk to threat actors repurposing this exposed infrastructure for attacks such as botnets, malware distribution, vishing, DoS and toll fraud, said Ozavci.
Ozavci points to potential vulnerabilities in major UC product suites and IMS platforms, such as bypassing security measures, injecting malicious content to messaging, caller identity spoofing and billing bypass, along with problems caused by insecure configurations. By exploiting these vulnerabilities, attackers could gain unauthorized access to client systems or communication services such as conference and collaboration, voicemail, SIP trunks and instant messaging, said Ozavci.
The BlackHat presentation highlights weaknesses in UC messaging, federated communications and collaboration services that could be used to gain unauthorized access to the UC environment and client systems, as well as attacking client systems using signaling protocols and messaging. These attacks can be used to compromise the client systems connected using protocol and software vulnerabilities, said Ozavci, adding, Dial plans, misconfigured SIP trunks, conference and network infrastructures are also major targets for advanced attacks.
The Context researcher has also looked at media transport protocols such as (S)RTP for voice calls, file, desktop and presentation sharing. The media transmitted may have confidential or sensitive information, which can be an object of PCI, COBIT or compliance requirements such as credit card information on calls to IVR services or customer privacy information.
Due to insecure encryption and design issues, sensitive information in the media thats been transmitted can be exposed and compromised, said Ozavci.