All Your Calls are Still Belong to Us: How We Compromised the Cisco VoIP Crypto Ecosystem, presented at TROOPERS 2012

by Enno Rey, Daniel Mende

Summary: Modern Enterprise VoIP solutions are complex beasts. They usually encompass application servers (e.g. for mailboxes and to provide CTI functions), infrastructure systems for authentication or crypto stuff, and intelligent phones.
At the end of the day, the inherent complexity means that while traditional VoIP attacks (like re-directing, sniffing and reconstructing calls) might no longer work, we've been able to severely compromise any enterprise VoIP environment we've pentested in the last twelve months. Based on a number of war stories, in this talk we'll first lay out the relevant attack vectors and the protocol or device level vulnerabilities enabling those.
We will then focus on Cisco's Unified Communications solution that seemingly provides a mature, certificate-based crypto framework protecting both the signaling and the media transport. Well, seemingly. When closely inspecting the relevant parts and messages, it turns out that at some point all the key material can be replaced by attacker-chosen keys. Which effectively means that we're down to cleartext-like attacks again.
We'll provide a technical explanation of the underlying vulnerabilities and discuss potential mitigating controls, both on a technical and on the provisioning process level.

Enno Rey: Daniel and Enno are long-time network geeks who love to explore network devices & protocols and to break flawed ones.

Daniel Mende: Daniel and Enno are long-time network geeks who love to explore network devices & protocols and to break flawed ones.