VoIPER: Smashing the VoIP Stack while you sleep

Presented at DEF CON 16 (2008), Aug. 10, 2008, 11 a.m. (50 minutes)

With VoIP devices finding their way into the majority of major enterprises and a significant number of residential installations, the possible consequences of a security vulnerability that can be leveraged by malicious hackers are ever increasing. While the security of data and voice traffic has been extensively promoted and tested, the security of the devices themselves has been poorly tested at best. A remote vulnerability in a VoIP device could subvert all other VoIP security, and as a result extensive testing of both VoIP device software and hardware is needed if we are to prevent future intrusions. During this talk I will outline why the security of the software powering VoIP networks is of critical importance and why businesses, developers and security auditors need to pay more attention to the software they are deploying, developing and testing in real-world installations. I will show the need for an automated, black-box, protocol-compliant and open source testing suite. I will then present VoIPER, a cross-platform, easy-to-use toolkit that can automatically and extensively test VoIP devices as well as providing extensive target management, logging and crash detection critical to modern security testing. VoIPER includes a fuzzing suite which is fully protocol aware and can generate hundreds of thousands of tests for the major VoIP protocols. Unlike many attempts at fuzzing VoIP, VoIPER can interact with the devices under test in a fully protocol-compliant fashion and potentially test their entire state spaces. Its classes are easy to use and extendable to allow users to piece together protocol-compliant tests and integrate them with the main test suite. VoIPER has been used to discover security vulnerabilities in every device tested during its initial testing phase, including soft-phones, hard-phones, gateways and servers.

Presenters:

  • N.N.P. - Hacker, UnprotectedHex.com
    N.N.P. is a hacker from Ireland whose primary interests are in automating the vulnerability discovery and exploit development processes. He has been involved in the hacking and security communities for 6 years and has discovered vulnerabilities in a variety of different applications. At the moment his main focus is on exploiting VoIP devices and the application of formal verification methods and dynamic binary instrumentation to fuzzing. He runs UnprotectedHex.com and is an administrator on the SmashTheStack wargaming network.
