Home Tags VoIP

Tag: VoIP

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. T...

Trivial path for DDoS amplification attacks found by infosec bods

600,000 servers are vulnerable to this little-known protocol Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have discovered that the TFTP protocol (Trivial File Transfer Protocol) might be abused in a similar way. Unlike DNS and NTP, TFTP has no business being exposed on internet-facing systems. Yet port scanning research indicated that there about 599,600 publicly open TFTP servers. That’s bad in itself but the situation gets worse: the researchers discovered that TFTP offers a higher amplification factor than other internet protocols. “The discovered vulnerability could allow hackers to use these publicly open servers to amplify their traffic, similarly to other DDoS amplification attacks like DNS amplification.
If all specific conditions are met this traffic can be applied up to 60 times the original amount,” researcher Boris Sieklik told El Reg. “I also studied effects of this attack on different TFTP software implementations and found that most implementations automatically retransmit the same message up to six times, which also contributes to the amplification.” TFTP protocol (Trivial File Transfer Protocol) is a simplified version of FTP (File Transfer Protocol).
It is generally used in internal networks and in environments where OS image transfers are required regularly.

For instance, Cisco uses TFTP to send OS images to the VoIP phones and they can also be used by all Cisco equipment to update firmware or to transfer files as part of schemes to provide centralised storage of these images.

The technology is also widely used during PXE booting of machines. Essentially, any file can be transferred by TFTP. Attackers could use this vulnerability to perform large amplification attacks to both external and internal targets, Sieklik warns.
Sieklik worked together with Richard Macfarlane and Prof. William Buchanan, both of Edinburgh Napier University, in putting together the research, which also looked at ways to mitigate potential attacks and possible countermeasures. DDoS reflection/amplification attacks in general allow an attacker to magnify the amount of traffic they can generate.
Sending a dodgy request with a forged return address in the name of an intended target can generate a response, much bigger in size than the original request, hence the amplification terminology. The trick ultimately relies on using misconfigured services at third-party sites in order to flood targeted websites with junk responses to forged web requests.
Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years, the most high profile of which battered Spamhaus and buffeted internet exchanges back in March 2013. Something along the same lines might be possible, at least in theory, when it comes to TFTP, the researchers warn.

The computer scientists are unable to point to specific examples of DDoS attacks based on TFTP. More details of the research were published in the March edition of publisher Elsevier’s Computers & Security journal (synopsis here). ® Sponsored: DevOps for Dummies 2nd edition

Wick Hill Now Shipping WatchGuard’s New Secure Wireless Access Points So...

WatchGuard’s AP300 combines modern wireless features with award-winning security to better protect against network attacksWoking, Surrey: 18/2/16 – Wick Hill is now shipping WatchGuard’s new AP300 for secure wireless access.

Designed to work with WatchGuard's award-winning Unified Threat Management (UTM) Firebox appliances, the AP300 delivers cutting-edge wireless access with advanced security services to help industry providers better protect customers across Wi-Fi networks.

The AP300 offers the latest 802.11ac standard and a host of new wireless features to solve business problems including Fast Roaming to improve quality for VoIP devices; Fast Handover, which forces "sticky" devices with low signal strength to quickly connect to the next AP; and Band Steering to move devices to the clearer 5GHz band. Ian Kilpatrick, chairman Wick Hill Group Wireless trends are growing with Wi-Fi access becoming ubiquitous in businesses, stores, corporate environments and public spaces. Organizations are offering guest Wi-Fi access so customers can go online via cell phones, laptops and devices. However, security is an often overlooked yet critical element in the explosion of wireless today.

As the use of wireless increases, so does the vulnerability to both opportunistic and targeted attacks. "Organizations across all industries are facing increased pressure from customers, vendors, and employees to offer wireless access. Unfortunately, hackers are also constantly trying to gain a foothold into the network," said Ryan Orsi, director of product management at WatchGuard. "Organizations need to play better defense, especially on Wi-Fi networks.

Businesses that fail to properly secure their Wi-Fi networks, including guest hotspots, may expose customers, partners, and internal users to a variety of risks.

The AP300 provides the latest wireless technology and best-in-class security features working together to help protect customers from threats online via Wi-Fi networks." Ian Kilpatrick, chairman of leading WatchGuard distributor Wick Hill Group, commented: “While these risks have been around for a long time, organisations and retail providers are now (often belatedly) moving to deal with this challenge. We have seen exceptional growth in demand in the last six months, driven in part by the recent spate of high profile breaches, and in part by the range of capabilities and ease of implementation.” Security threats that may involve wireless networks include: Wi-Fi Password Cracking: Wireless access points that still use older security protocols, like WEP, are easy targets because passwords are notoriously easy to crack. Rogue Hotspots: Nothing physically prevents a cyber criminal from enabling a foreign access point near a hotspot with a matching SSID, which invites customers to log in. Users that fall victim to the Rogue AP are susceptible to malicious code, which often goes unnoticed. Planting Malware: Customers that join a guest wireless network are susceptible to unknowingly walking out with unwanted malware, delivered from bad-intentioned neighboring users.

A common tactic used by hackers is to plant a backdoor on the network, which allows them to return at a later date to steal sensitive data. Eavesdropping: Guests run the risk of having their private communications intercepted, or packet sniffed, by cyber snoops while on an unprotected wireless network. Data Theft: Joining a wireless network may put users at risk of losing private documents to cyber thieves that are listening in and opportunistically intercepting data being sent through the network. Inappropriate and Illegal Usage: Businesses offering guest Wi-Fi risk playing host to a wide variety of illegal and potentially harmful communications.

Adult or extremist content can be offensive to neighboring customers, and illegal downloads can leave the business susceptible to lawsuits. Bad Neighbors: As the number of wireless users on the network grows, so does the risk of a pre-infected device entering the network. Mobile attacks, such as Android's Stagefright, can spread from guest to guest, even if "victim zero" is oblivious to the outbreak. WatchGuard protects against these threats, enabling wireless networks to pass traffic through all security services running on the WatchGuard firewall, including anti-virus (AV), Intrusion Prevention Service (IPS), WebBlocker, spamBlocker, App Control, Reputation Enabled Defense, APT Blocker, and Data Loss Prevention.

Each of these services is managed in a single-pane-of-glass console, and can be enabled without sacrificing speed or throughput. About Wick Hill Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.

The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions. Wick Hill is particularly focused on providing a wide range of value added support for its channel partners.

This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training. Wick Hill Group is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc.

As such, Wick Hill has its headquarters in the UK, an office in Germany and an office in Austria. Wick Hill is also able to offer services to channel partners in thirteen European countries and worldwide, through its association with Zycko, as part of RPE. About WatchGuard Technologies, Inc.WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry-standard hardware, best-in-class security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America.

To learn more, visit WatchGuard.com. WatchGuard is a registered trademark of WatchGuard Technologies, Inc.

All other marks are property of their respective owners. ENDS For further information on Wick Hill, please go to www.wickhill.com; Twitter www.twitter.com/wickhill.

For further press information, please contact Annabelle Brown, public relations consultant, on 01326 318212, email pr@wickhill.com.

IP freely? Your VoIP phone can become a covert spy tool…

Sod it, let's just go back to carrier pigeons VoIP phones running default or weak passwords can be used for secret surveillance, independent security consultant Paul Moore warns. Moore discovered that default passwords on enterprise grade Snom VoIP phones create a means for attackers to either make calls and even spy on incoming or outgoing conversations. Moore came across the issue when he was called in by a client in order to make recommendations on how to improve security with a wireless access points and VoIP phone installation project, carried out by third-party contractors. Subsequent experiments by Moore on a Snom 320 VoIP phone (running firmware version 8.7.5.13) showed there was no authentication of the device’s set-up console, which was available even through corporate firewalls. Exploitation would be possible simply by visiting a site containing a hostile JavaScript payload. Any attacker would be able to comprehensively own the device, according to Moore. Moore called in password security experts Per Thorsheim and developer Scott Helme to help him set-up a proof-of-concept demo of the problem. Thorsheim (playing the part of an attacker) embedded the exploit on a site which he controls. Meanwhile, Moore was reading Thorsheim's site while having a private conversation with Helme, via Skype. “Unbeknownst to me, Per [Thorsheim] has forced my VoIP phone to call his premium rate number and disabled the speaker, so unless I'm looking at the phone, I wouldn't know it's dialling.” Moore explains. The trio made a video of the exploit in action (below). [embedded content] Moore writes: “What can the attacker do? Make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially... use the device for covert surveillance.” El Reg asked Berlin-based Snom for comment on Moore’s findings but we’re yet to hear back. We’ll update this story as and when we hear more. The UK-based security researcher reckons similar attacks are possible against other VoIP phones that ship with default login credentials or (worse still) no authentication at all. “If you install, use or just find yourself sat next to one of these devices, just remember... it's basically a PC, with all the security vulnerabilities associated with them,” Moore concludes. “Don't assume it's safe because it's running as the manufacturer intended; seek professional advice.” Moore suggests various countermeasures including using strong passwords (derived from a password manager) and applying network segmentation, as explained in greater depth in a blog post here. An article called Are you the only one using your VoIP phone?, by Professor Alan Woodward of Surrey University discussing the security issues of using VoIP devices in greater depth can be found here. ® Sponsored: Building secure multi-factor authentication

Bomb hoax server hoster reportedly cuffed in France

Log-less network service targeted in wake of global bomb threats. French police have arrested the operator of a log-free Extensible Messaging and Presence Protocol (XMPP) service allegedly used by a hacking gang responsible for making dozens of fake bomb threats to schools around the world. Les Gendarmes say they've cuffed Vincent Lauton, 18, allegedly operator of runs darkness.su which positions itself firmly a service for those seeking high anonymity.

The outfit promises customers it does not store user logs "in any manner" other than for debugging, and does not require customer information to setup accounts.

The site sports an advertisement for carding website ValidShop. Le Monde reports Lauton is being investigated for possible links to the group calling itself Ev4cuati0nSquad, which over the last month has phoned in dozens of fake bomb threats to schools in countries including the UK, the US, and Australia causing closures and widespread panic. It is alleged Ev4cuati0nSquad placed its bomb threat voice-over-internet-protocol (VoIP) calls using the Darkness.su service. Lauton was reportedly taken via armed convoy to a Paris police station, and is being held in extended custody under France's emergency powers. Le Monde reports Lauton refused to hand over decryption keys for his computer resulting in his indictment for the non-cooperation. Merci à tous pour votre soutien! Thank you all for your support! — Darkness (@Darkness_su) February 12, 2016 At least six schools in Paris and a dozen each in Britain and Australia were closed after receiving credible threats. The group placed the calls for free using VoIP to warn of planned shootings and bombings.

Each instance linked to the group has been shown as a fake threat with no bombs found. ® Sponsored: Building secure multi-factor authentication

Facebook’s free Internet app banned by India’s new net neutrality rule

Zero-rating targeted by regulators overseas while it remains legal in US.

How to survive a broadband service failure

On 2 February 2016, productivity across the UK ground to a halt, and social media lit up in indignation, after a faulty router on BT’s network brought down broadband services to tens of thousands of consumers and businesses. Although engineers were swiftly on scene, and the fault with the service was largely resolved within a few hours, the cost to the UK economy in terms of lost business and man-hours of a major failure is likely to run into tens of millions of pounds. For BT, this was the latest in a string of outages. A swift look at its service status website gives the casual observer some idea of the sheer size of the task its engineers face in keeping everyone online 24/7 – but such a widespread and pronounced failure is far beyond what it normally has to deal with. Thankfully, large service outages of this type are rare, which for BT is probably something of a relief, according to Joshua Raymond, chief marketing officer at contract for difference (CFD) and foreign exchange trader XTB, for whom broadband connectivity is critical to operate in a global market 24 hours a day. “Given the sheer intensity of competition within the telecom and broadband sector, this outage is bad news for BT and could cause short-term damage to its brand reputation,” said Raymond. BT’s network hiccup happened on the same day that internet service provider TalkTalk admitted it had lost more than 100,000 customers following a cyber attack on its systems in October 2015. Analyst Imran Choudhary at Kantar Worldpanel said that, as a result, users had “lost faith” in the business. Although BT suffered a technical fault, rather than a damning security breach, Raymond feels its outage serves as a “clear and present risk to the retention of its [BT’s] customer base”. BT could be forced into paying small compensation claims Joshua Raymond, XTB “BT could also be forced into paying small compensation claims to keep its customers happy,” he added. Martin Li, chief market strategist at XTB, says BT is dealing with a lot of disgruntled customers in the financial services industry who are highly dependent on broadband. “Other large-scale outages could really hurt its performance and growth prospects,” he said. Kantar Worldpanel’s Choudhary says that in contrast to TalkTalk’s security breach, which left customers confused and bewildered because of a perception that nobody at TalkTalk really knew what was going on, BT handled its downtime well. “They were honest in terms of what was happening,” he said. “They put out a consistent message, and once it was repaired, there was a genuine explanation for it.” This sort of approach would serve BT business customers well, too, he added. Paul Evans, CEO of Boosty, a recently launched provider of solutions that enable users to supplement their broadband and boost their network speed using mobile broadband services on their smartphone, said the reputational damage to BT may be substantial. “An outage impacts the experience for your customers,” he said. “Even a few minutes can cost thousands of pounds because the phones simply stop ringing.” With angry customers increasingly likely to approach brands on social media, it makes sense for organisations to brush up on their strategy for engaging with them effectively, making sure staff are well-informed about what is going on, keeping clear lines of communication open and, above all, not losing their cool on the internet. Have a failsafe Risk management, coupled with the usual elements of a coherent disaster recovery plan, such as setting objectives around recovery processes and procedure, and establishing clear service-level agreements (SLAs) with external providers should, of course, be second nature to the average IT department. But there is another way in which organisations can protect themselves: businesses without their own corporate networks or datacentres, SMEs and web-dependent outfits should think about deploying multiple options where possible. For Hubert Da Costa, vice-president of EMEA at 4G long-term evolution (LTE) solutions supplier Cradlepoint, the BT outage highlights a dangerous over-reliance by businesses on fixed networking solutions. “Tuesday’s nationwide BT broadband outage revealed how vulnerable UK businesses are to fixed-line service interruptions, and underlined just how fundamental this technology is to our working lives,” he said.  “Organisations need to build much greater levels of protection into their communications infrastructure to ensure they can maintain ‘business-as-usual’ operations. Da Costa urges businesses to adopt a telecoms strategy that employs failover capability which can mitigate risks around lost sales and employee productivity. Protection against fixed-line service failure should figure more actively Hubert Da Costa, Cradlepoint “As businesses assess the cost of this major service interruption, and think again about their ability to overcome a similar situation in the future, protection against fixed-line service failure should figure more actively in their technology strategy,” he says. Boosty’s Evans also agrees on the importance of having some form of failsafe. But this should not necessarily mean resorting to tethering smartphones to connect their other devices to the internet, he says. “This is a technical and time-consuming process and one that not all consumers may be aware of and there are cost implications,” he said. “Hybrid access solutions that combine 4G signals with fixed-line broadband are resilient enough to maintain a broadband connection in the event of an outage. Configured to enable faster internet access, hybrid solutions can function even when the fixed network fails by automatically switching over to the mobile broadband connection. “This provides customers with reliable internet access, reducing disruption while the operator traces the cause of the outage.” During the 2 February outage, Evans says Boosty received a number of reports from customers with BT digital subscriber line (DSL) services who said they had barely even noticed the outage, because their connections had automatically failed over to mobile broadband. “We now have quite a few people using our technology for resilience because if they are using voice-over-IP [VoIP], social media or cloud services, they are incredibly reliant on their connection,” he added.

Internet idiots make hoax bomb threats to UK, Aus, French schools

A gang of internet idiots are using voice-over-internet-protocol (VoIP) services to phone-in fake bomb threats to schools across the UK, France, and Australia in exchange for Bitcoins. The group operating under the scuppered @Ev4cuati0nSquad Twitter account have called in fake bomb threats to dozens of schools in those countries, boasting on the social network about the exploits. More than a dozen schools and education institutions in the UK have shuttered doors after receiving the threats including six in Birmingham. The Entrance Public School. A further six closed doors in Paris and about a dozen across Australia have received the threats. The latest likely victim is the Entrance Public School in the Australian state of New South Wales which today closed doors after receiving a bomb threat. Calls are being made using hacked VoIP credentials and electronic text-to-speech. The group is conducting the attacks for free and says it will charge from March, asking for five Bitcoins for a bomb threat to a school and up to fifty to target a major sporting event. The group's scuppered Twitter page. The perps have boasted of calling in threats to schools on the island of Guam. A recorded voice message uploaded to Twitter purports to show the message sent to police. "There are bombs in every high school and middle school in Guam Island. They go off in 30 minutes and are hidden in backpacks and lockers. I am going to shoot survivors with an assault rifle." It comes as email threats of nerve gas, bomb, and rifle attacks hit the education departments of New York and Los Angeles in December 2015 which resulted in schools shutting and 640,000 children staying home. The group spruiked its services in script kiddie cant like that below: Hello, and we are EvacuationSquad. We do what we do for a few reasons: We hate the American government, We hate authority, and we LOVE to cause mayhem. Until March, 2015, you may send in requests for your school/work/business/etc to be sent a bomb threat. After March 1st, of 2015, we will be accepting Bitcoin only as payment. Prices then will be: $5 For a school $5 For a business/work $10 For a courthouse $10 For entire school district (all schools) $20 For a major convention $20 For sports events $50 For major sports events Anything not listed will be negotiable. Additionally, you may have a person of your choice framed for an extra $5 in Bitcoin. If you wish to have this done, please send us their contact details and/or social media accounts. Thank you. The best, and most secure, way to contact is with requests is via our XMPP: <redacted> Alternatively, we also have email: <redacted> Peace out. #EvacSquad @Ev4cuati0nSquad The group says it operates from Russia and will need to hope its operational security is up to scratch as global law enforcement and seasoned independent researchers investigate the group. ® Youtube Video Sponsored: Building secure multi-factor authentication

Because landlines are dying, VoIP providers must sell 24-hour batteries

Phone customers will have to pay for the batteries under FCC proposal.

From VOIP to Robots: Modern Tech Changes Phone Fraud Landscape

Phone fraud is not a new phenomenon, yet modern technologies, such as voice over IP (VOIP) and e-commerce, help make it easier for attackers to exploit victims. A recent report from Pindrop sheds new light on the current landscape for phone fraud. The ...

Silent Circle’s OCC VoIP service cuts out roaming costs and snoopers

Mobile device privacy supplier Silent Circle has unveiled a global hybrid encrypted VoIP service in a move it has claimed will directly challenge mobile carriers by eliminating fears over state-sponsored phone tapping and by slashing the cost of mobile roaming. The expansion of its Out-Circle Calling (OCC) service will enable customers to make and receive encrypted, private voice calls across its Silent Phone service to non-subscribers in 79 countries with a user-specific 10-digit number. The firm said the OCC could wreak havoc among wireless carriers – which have tended to impose steep roaming charges on business subscribers – by introducing a high-fidelity VoIP option for calling standard mobile and PSTN lines, backed by the privacy of its encrypted service, over any mobile or Wi-Fi network. “With Out-Circle Calling, Silent Circle is directly challenging the legacy model of mobile carriers by offering an alternative to costly mobile roaming fees,” said Silent Circle chief of revenue Vic Hyder. “This is an especially important issue for our enterprise and government customers around the world.  “International fees and roaming charges account for a significant portion of European and Latin American business overhead. Our encrypted international calling service completely eliminates roaming charges while protecting members with the use of Silent Phone.” The firm already offers private voice and video calls through the Silent Phone service on iOS and Android devices and a Windows desktop service. A companion service, Silent Text, allows customers to securely exchange SMS messages and attachments of up to 100Mb, which can be automatically deleted from both sending and receiving devices. It has also signed a deal to create a privacy-enhanced Android device, dubbed Blackphone, through a joint venture with Spanish developer Geekphone. In a blog post, Silent Circle co-founder and CEO Mike Janke said the comms industry was ripe for a shake-up over long-distance and roaming charges. “One of our Fortune 100 customers in Zurich has estimated they will save over $38,000 a month and be secure using our encrypted calling plans. That is real disruption,” he wrote. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK

Ubiquiti EdgeMAX – How to set QoS parameters for VoIP applications

These instructions assume: •eth0 is your connection to the internet. •eth1 is your local area network. •Downstream bandwidth is 5000kbit. •Upstream bandwidth is 1000kbit. •You want to guaranty 25%...