Analysis of German VOIP attack

VOIP security is an issue, but it is often overhyped (and often misunderstood). However, “security breaches” in this area should be analyzed carefully to understand the potential issues as VOIP is rapidly rolled out.

In September, “attacks” against German VOIP users were first reported by Heise in Germany. This attack didn’t get much attention in the US, which is understandable, since almost all of the coverage was in German.

It’s clear that the motive behind these attacks was to check for unsecured gateways. As to why they were checking for unsecured gateways, it seems reasonable to assume that the attackers were looking to make free calls (that conclusion was reached by HoneyNor for a similar series of attacks in Norway). Or, as VOIP expert Klaus Darilion said after analyzing the attack, “I only saw the single INVITE request, thus the final PSTN target (Jamaica, Malaysia, …African destinations are also often used) was not visible for me. But once the attacker found an "insecure" gateway - that means the gateway forwarded the request, the attacker can use it for making phone calls into the PSTN.”

However, safeguarding against such attacks isn’t that hard. Darilion has provided an excellent writeup on what happened, along with tips on how to protect an organization. I would recommend reading the “Countermeasures” section of his writeup for a fairly simple set of steps to protect your organization. Also, there’s more discussion on this issue at VOIPSEC.
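The probing pattern described above (a lone INVITE aimed at a PSTN number to see whether the gateway forwards it) can be looked for in a gateway's own SIP traffic. The following Python is an added example, not code from Darilion's writeup or from Heise; the number-prefix pattern, the `gw.example.net` host, the helper names and all sample messages are constructed assumptions.

```python
import re
from collections import defaultdict
# Assumption: PSTN-bound calls carry an international prefix (+, 00 or 011)
# followed by digits in the user part of the Request-URI.
PSTN_USER = re.compile(r"^(?:\+|00|011)\d{7,15}$")
REQUEST_LINE = re.compile(r"^(\w+) sips?:([^@;\s]+)@\S+ SIP/2\.0$")

def parse_request(raw):
    """Return (method, uri_user, headers) for a SIP request, or None."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    pairs = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}
    return m.group(1).upper(), m.group(2), headers

def probe_sources(messages):
    """Map source IP -> PSTN numbers it INVITEd without ever authenticating."""
    # A legitimate client also sends its first INVITE without credentials and
    # repeats it with them after the challenge, so a (source, Call-ID) pair
    # is reported only if no authenticated INVITE was seen for it.
    unauth, authed = {}, set()
    for src, raw in messages:
        parsed = parse_request(raw)
        if not parsed or parsed[0] != "INVITE" or not PSTN_USER.match(parsed[1]):
            continue
        _, user, headers = parsed
        key = (src, headers.get("call-id", ""))
        if "authorization" in headers or "proxy-authorization" in headers:
            authed.add(key)
        else:
            unauth[key] = user
    found = defaultdict(list)
    for key, user in sorted(unauth.items()):
        if key not in authed:
            found[key[0]].append(user)
    return dict(found)

def sip(method, user, call_id, auth=""):  # builds a constructed request
    return (f"{method} sip:{user}@gw.example.net SIP/2.0\r\n"
            f"Call-ID: {call_id}\r\n{auth}\r\n")
CRED = 'Proxy-Authorization: Digest username="u1"\r\n'
SAMPLES = [  # constructed, not captured; documentation address ranges
    ("198.51.100.7", sip("INVITE", "0018765550100", "a1")),
    ("192.0.2.10", sip("INVITE", "004930555010", "b1")),
    ("192.0.2.10", sip("INVITE", "004930555010", "b1", CRED)),
    ("192.0.2.20", sip("INVITE", "alice", "c1")),
]
```

Calling `probe_sources(SAMPLES)` reports only the source whose PSTN INVITE was never followed by an authenticated retry; the client that answered the challenge and the call to a local user are ignored.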