VoIP security: Scenarios, challenges, and counter measures
Spoofing poses another level of challenge for VoIP: the creation of TCP/IP packets using someone else's IP address. Hackers use a variety of techniques to find the IP address of a trusted host and then modify the packet header (the Source IP address field) so that the packets appear to come from that host, a technique popularly called Caller ID Spoofing in the VoIP domain. Pranks on friends and loved ones are the most common application of spoofing.
Websites such as Spoofcard, Nufone, and Spooftel provide caller ID spoofing services and eliminate the need for special hardware. Caller ID spoofing is often used by those who buy stolen credit card numbers. They will call a service such as Western Union, setting Caller ID to appear to originate from the card holder's home, and use the credit card number to order cash transfers that they then pick up. Exposing a similar vulnerability, Caller ID is used by credit-card companies to authenticate newly issued cards. The recipients are generally asked to call from their home phones to activate their cards.
In August, Secure Science Corporation warned that hackers can use Caller ID spoofing to break into voice mail boxes of T-Mobile subscribers. A U.S. wireless company with 15.4 million customers, T-Mobile permits users to check voice mail without entering a passcode, as long as they're calling from their own phone--an easy matter to fake with Caller ID spoofing.
Caller ID Spoofing and SPIT are both forms of the more generic "man-in-the-middle" attack. This is the name given to a situation where an attacker inserts himself between the originator and recipient of the call, without either of them knowing that their communication medium has been compromised. To either participant in the call, the attacker appears as the other, intended participant. Thus the attacker can intercept, modify and insert messages in the conversation. Obvious consequences include loss of confidential information and changing the meaning of the information conveyed.
Call hijacking is a form of the man-in-the-middle attack in which the attacker replaces one of the participants in the call. Such attacks can be accomplished in a variety of ways. One is the manipulation of registration records maintained by the registrar/proxy server in a SIP-based VoIP network. This allows a malicious user to register as a valid user and then carry out toll fraud and similar abuse. Another means to launch such an attack is to manipulate the 3xx SIP response codes. This allows the rogue user to redirect the voice traffic through them.
There are also legal methods, namely 'footprinting', which is the easiest and safest way of finding information about a company that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables, and scanning certain IP addresses for open ports are other forms of open source footprinting. Most of this information is fairly easy to find, and obtaining it is legal.
Most companies post information on their websites that can be very useful to hackers--and the companies don't even realize it. Footprinting is the most convenient way for hackers to gather information about computer systems and the companies they belong to. Footprinting allows a hacker to know as much as they can about a system, its remote access capabilities, ports and services, and aspects of its security. Many administrators now post false phone numbers to protect themselves from footprinting.
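For the call hijacking paths described earlier (changed registration records and manipulated 3xx responses), a monitoring check over captured SIP signalling can flag both for review. This is an added example, not code from the original article; the trusted domain, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

TRUSTED_DOMAINS = {"example.com"}  # assumption: domains this deployment trusts

def parse_sip(raw):
    """Return (start_line, headers) with header names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.strip().split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def uri_host(value):
    """Host of the first sip:/sips: URI in a header value, or None."""
    m = re.search(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)", value or "")
    return m.group(1).lower() if m else None

def aor(value):
    """user@host address-of-record from a To header, or None."""
    m = re.search(r"sips?:([^@>;\s]+@[^:;>\s]+)", value or "")
    return m.group(1).lower() if m else None

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review(messages):
    """Return (index, reason) for each message that merits analyst review."""
    bindings, findings = {}, []
    for i, raw in enumerate(messages):
        start, h = parse_sip(raw)
        contact = uri_host(h.get("contact"))
        if start.startswith("REGISTER ") and contact:
            user = aor(h.get("to"))
            # The first binding seen is the baseline; a later change is flagged.
            prev = bindings.setdefault(user, contact)
            if prev != contact:
                findings.append((i, f"binding for {user} moved {prev} -> {contact}"))
        elif re.match(r"SIP/2\.0 3\d\d ", start) and contact and not trusted(contact):
            findings.append((i, f"3xx redirect to untrusted host {contact}"))
    return findings

SAMPLE = [  # constructed messages, trimmed to the headers inspected
    "REGISTER sip:example.com SIP/2.0\r\nTo: <sip:alice@example.com>\r\nContact: <sip:alice@192.0.2.10:5060>\r\n\r\n",
    "REGISTER sip:example.com SIP/2.0\r\nTo: <sip:alice@example.com>\r\nContact: <sip:alice@203.0.113.77:5060>\r\n\r\n",
    "SIP/2.0 302 Moved Temporarily\r\nTo: <sip:alice@example.com>\r\nContact: <sip:alice@voicemail.example.com>\r\n\r\n",
    "SIP/2.0 302 Moved Temporarily\r\nTo: <sip:alice@example.com>\r\nContact: <sip:alice@198.51.100.9>\r\n\r\n",
]

if __name__ == "__main__":
    for idx, reason in review(SAMPLE):
        print(idx, reason)
```

A changed binding is not proof of hijacking, since legitimate phones change address too, so the findings are a review queue rather than a verdict. Compact header names and multiple Contact values are not handled here.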