Sunday, November 04, 2007

VOIPSA: SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud

VOIPSA has posted a message on its VOIPSEC mailing list about "Breaking SIP for fun and toll fraud".
From the mailing list;
"In this post, we would like to inform abouta potential Authentication vulnerability in SIP, where all SIP equipments using Digest Access Authentication which can issue re-INVITEs are vulnerable.
The problem lies in an attack scenario, where a called device can be triggered by a calling party to issue a re-INVITE. Such cases appear when either a phone is put on hold. More general, this is possible whenever a target refresh within a dialog takes place.
The impact is that Toll-fraud, Call-ID spoofing, etc. are possible, allowing a third entity to call on behalf of a victim. The victim is accountable in this case for the call.
To our knowledge, we don't know if neither the IETF nor anybody else has addressed this issue yet.
THIS IN NOT THE KNOWN ISSUE OF MAN IN THE MIDDLE. THE MAIN NOVELTY IS THAT AN ATTACKER CAN TRIGGER A re-INVITE FROM A CALLED PHONE AND REQUEST IT TOAUTHENTICATE."
Read more about this at Mailing list post

Posted by sol@rion at 11/04/2007 12:13:00 PM  

Labels:


AddThis Social Bookmark Button

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Blog Widget by LinkWithin