CIP Cyber

VoIP Penetration Testing & Security Risk

VoIP, or voice over IP (Internet Protocol), is a transmission mode
designed for voice and multimedia communications. As IP-based networks
like the Internet have become the dominant communications
infrastructure, the traditional telephone network is steadily being
replaced by VoIP. Its clear improvements over the old systems make it a
popular substitute. Among its advantages:

  • Low cost compared to a traditional telephone network. Many services
    (Skype, for example) let you communicate PC-to-PC over any distance
    free of charge.
  • Portability and mobility: you only need an Internet connection to
    communicate.
  • Advanced features not normally available with traditional telephone
    service, including call forwarding, conference calls, caller ID,
    virtual numbers and more.
The advantages are many, but they are not our main topic. (There are
disadvantages too: VoIP services depend on the speed of the Internet
connection, voice quality depends on the performance of your computer,
and so forth.) So why discuss this at all? What we examine here is the
security side of VoIP. In this article we will review:
  • An overview of VoIP
  • What Asterisk is, and what it does
  • What Trixbox is
  • VoIP hacking (penetration testing of an Asterisk-based network)
With so many advantages, VoIP is gaining popularity among organizations
and private users alike. But what about security? As with any new
technology, it immediately presents opportunities for those seeking to
cause mischief. The reports you have surely heard about confirm this: not
just the phone hacking scandal in Britain, but cases in which thieves
easily stole confidential information from victims because their
networks were not secure.

If you are a pen tester or ethical hacker, you already understand the
importance of penetration testing VoIP: much of today's important
communication takes place over VoIP, so securing that confidential
information is critical. We will do some practical penetration testing
on a VoIP-based network, but first I will show you how to build it.

Asterisk is open-source software that turns a computer into a
communications server: a software PBX (private branch exchange) that
lets you make and transfer calls and carry your data.
Trixbox is an excellent PBX (private branch exchange) distribution based
on the Asterisk project. It was formerly known as Asterisk@Home, but in
October 2006 it was renamed Trixbox. What sets Trixbox apart from other
PBXs is that it is IP-based and designed for small and medium-sized
businesses. Two main versions are available: Trixbox CE, which is free
and open source, and Trixbox Pro, which must be purchased.

Protocols & Ports

You must understand the protocols and their ports before launching an
actual penetration test on a VoIP network.
SIP (Session Initiation Protocol) has been defined by the Internet
Engineering Task Force (IETF) as the signaling protocol for VoIP
communication. SIP uses ports 5060 and 5061, over both TCP and UDP.

SDP (Session Description Protocol) describes multimedia sessions, while
MGCP (Media Gateway Control Protocol) uses UDP ports 2427 and 2727.

RTP (Real-time Transport Protocol) defines the packets that carry audio
and video on IP-based networks such as VoIP. RTCP (RTP Control Protocol)
is RTP's companion protocol and is used to control the packet streams
that RTP defines.

IAX (Inter-Asterisk eXchange) is an important protocol used by Asterisk
and supported by various softphones and PBXs. IAX2, the second version
of IAX, works on UDP port 4569.

VoIP Penetration Testing

The process of penetration testing a VoIP network is generally the same
as for any other network: follow the general methodology, starting with
information gathering, as with any form of penetration testing. We will
do the same on the VoIP network.

Let's consider a simple scenario: while penetration testing a network
you have found an Asterisk-based PBX, as in the nmap result shown below:



It might be some sort of VoIP server, so a smart penetration tester
would use the available tools to learn more about it. In this section I
will discuss some tools, and their usage, that are really helpful in
VoIP penetration testing.

SMAP

SMAP is a scanner that detects SIP-enabled devices (it can scan a single
IP, a range of IPs or whole subnets) and can locate any VoIP server on
the network, so it helps you understand the VoIP network.

root@bt:/pentest/voip/smap# ./smap 192.168.1.9
smap 0.6.0 <hs@123.org> http://www.wormulon.net/
192.168.1.9: ICMP reachable, SIP enabled
1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)

It shows that this host is a VoIP server. Let's try to gather more
information with fingerprinting (-O):

root@bt:/pentest/voip/smap# ./smap -O 192.168.1.9
smap 0.6.0 <hs@123.org> http://www.wormulon.net/
192.168.1.9: ICMP reachable, SIP enabled
best guess (55% sure) fingerprint:
Asterisk PBX (unknown version)
User-Agent: Asterisk PBX 1.6.0.26-FONCORE-r78
1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)

The -l option (fingerprint learning mode) is another useful argument
that will give us more information.
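
As an added illustration (not smap's code or anything from the original article), here is a minimal Python version of what smap -O does on the wire: it sends a SIP OPTIONS request to UDP port 5060 and reads the identity the server volunteers in its User-Agent or Server header, which is also a quick way to check whether your own PBX discloses its version. The sample reply is constructed to resemble the Asterisk answer above; the probe() function, the addresses and the header values are assumptions.

```python
# Added example (not smap's or the article's code): the SIP OPTIONS probe a
# fingerprinter such as smap -O sends over UDP/5060, plus a parser for the reply.
import re
import socket
import uuid

SIP_PORT = 5060  # SIP signaling port (see Protocols & Ports above)

def build_options_request(target_ip, local_ip, local_port):
    """SIP OPTIONS request with fresh branch, tag and Call-ID (RFC 3261)."""
    rnd = uuid.uuid4().hex
    lines = [
        f"OPTIONS sip:{target_ip}:{SIP_PORT} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{rnd[:16]};rport",
        f"From: <sip:probe@{local_ip}>;tag={rnd[16:24]}",
        f"To: <sip:{target_ip}>",
        f"Call-ID: {rnd}@{local_ip}",
        "CSeq: 1 OPTIONS",
        "Max-Forwards: 70",
        "Content-Length: 0",
        "", "",  # empty line terminates the headers; OPTIONS carries no body
    ]
    return "\r\n".join(lines).encode()

def parse_sip_response(raw):
    """Status code plus the identity the server volunteers (User-Agent/Server)."""
    head = raw.decode(errors="replace").split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"SIP/2\.0 (\d{3}) (.*)", head[0])
    if not m:
        raise ValueError("not a SIP response")
    hdr = dict((k.strip().lower(), v.strip()) for k, _, v in
               (line.partition(":") for line in head[1:]))
    return {"status": int(m.group(1)), "reason": m.group(2),
            "user_agent": hdr.get("user-agent") or hdr.get("server")}

def probe(target_ip, timeout=2.0):  # one OPTIONS to target_ip:5060/UDP (assumed helper)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((target_ip, SIP_PORT))
        local_ip, local_port = s.getsockname()
        s.send(build_options_request(target_ip, local_ip, local_port))
        try:
            return parse_sip_response(s.recv(4096))
        except socket.timeout:
            return None  # nothing answered: not SIP, filtered, or silent

# Constructed sample reply, shaped like the Asterisk answer smap reports above.
SAMPLE_REPLY = (b"SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bKabc\r\n"
                b"From: <sip:probe@192.168.1.5>;tag=1234\r\nTo: <sip:192.168.1.9>;tag=as5f\r\n"
                b"CSeq: 1 OPTIONS\r\nUser-Agent: Asterisk PBX 1.6.0.26-FONCORE-r78\r\nContent-Length: 0\r\n\r\n")
```

Running parse_sip_response(SAMPLE_REPLY) yields status 200 and the same "Asterisk PBX 1.6.0.26-FONCORE-r78" string smap printed; a hardened PBX would return a generic or empty User-Agent here.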


SIP-Scan

SIP-Scan is just like SMAP: it is also used to detect SIP-enabled
devices, and it can likewise scan an entire range of IPs.

root@bt:/pentest/voip/sipscan# ./sip-scan -i eth0 192.168.1.1-254
192.168.1.9: Asterisk PBX 1.6.0.26-FONCORE-r78
root@bt:/pentest/voip/sipscan#


The next article in the VoIP hacking series will be published later, so
practice the tools mentioned above and do not forget to share this one
via your social media profiles.

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.
