
Analysis of German VOIP attack

VOIP security is an issue, but it is often overhyped (and often misunderstood). However, “security breaches” in this area should be analyzed carefully to understand the potential issues as VOIP is rapidly rolled out.

In September, “attacks” against German VOIP users were first reported by Heise in Germany. This attack didn’t get much attention in the US, which is understandable, since almost all of the coverage was in German.

It’s clear that the motive behind these attacks was to check for unsecured gateways. As to why they were checking for unsecured gateways, it seems reasonable to assume that the attackers were looking to make free calls (that conclusion was reached by HoneyNor for a similar series of attacks in Norway). Or, as VOIP expert Klaus Darilion said after analyzing the attack, “I only saw the single INVITE request, thus the final PSTN target (Jamaica, Malaysia, …African destinations are also often used) was not visible for me. But once the attacker found an "insecure" gateway - that means the gateway forwarded the request, the attacker can use it for making phone calls into the PSTN.”

However, safeguarding against such attacks isn’t that hard. Darilion has provided an excellent writeup on what happened, along with tips on how to protect an organization. I would recommend reading the “Countermeasures” section of his writeup for a fairly simple set of steps to protect your organization. Also, there’s more discussion on this issue at VOIPSEC.

Alex is a technology CEO, with leadership, operating partner, investor, and board member roles at security firms including AutoLoop, Borland, Quarterdeck (now Symantec and Cisco WebEx), GFI/TeamViewer, Sunbelt Software (now ThreatTrack Security), BlueStripe Software, StopBadware, Knowbe4, Malwarebytes, and Runaware Holding AB. When CEO of Sunbelt he ran a security blog, and he still writes on security.