SIP hacking tools become more common as VOIP handsets get a toehold in the enterprise

Dan Jones, Mobile Editor

August 3, 2006

As more SIP-based voice-over-IP handsets appear in the enterprise, hackers are taking notice and developing attacks specifically designed to exploit the protocol.

The Session Initiation Protocol (SIP) was originally developed by the Internet Engineering Task Force (IETF) and is currently used in wireless VOIP phones for starting and ending call sessions. The protocol has also been approved by the 3rd Generation Partnership Project 2 (3GPP2) as an element of the IMS architecture.

A new SIP password cracking tool called -- we kid you not -- Sipcrack has just been released on the Remote-Exploit.org Website. This tool would allow a malicious user with network access to capture the SIP credentials and crack the user password.

Such a breach could allow a hacker to carry out a number of different attacks, according to security consultant Shawn Merdinger. "The attacker could use those credentials for other attacks like using the company PBX for VOIP Phishing," he says. "Not to mention it's probably the same user password for other access in the organization."

Tools like Sipcrack will become increasingly dangerous, and prevalent, in a world where more and more phones are SIP-compliant. Major networking vendors such as Alcatel (NYSE: ALA; Paris: CGEP:PA), Avaya Inc. (NYSE: AV), and Cisco Systems Inc. (Nasdaq: CSCO) already have phones on the market, along with a host of smaller players.

And SIP doesn't stop there. The protocol will also be a key element of future fixed/mobile convergence handsets and network appliances.

All of which likely means that we haven't seen the last of Sipcrack and its ilk.

— Dan Jones, Site Editor, Unstrung
