As more SIP-based voice-over-IP handsets appear in the enterprise, hackers are taking notice and developing attacks specifically designed to exploit the protocol.
The Session Initiation Protocol (SIP) was originally developed by the Internet Engineering Task Force (IETF) and is currently used in wireless VOIP phones for starting and ending call sessions. The protocol has also been approved by the 3rd Generation Partnership Project 2 (3GPP2) as an element of the IMS architecture.
A new SIP password cracking tool called -- we kid you not -- Sipcrack has just been released on the Remote-Exploit.org Website. This tool would allow a malicious user with network access to capture the SIP credentials and crack the user password.
Such a breach could allow a hacker to carry out a number of different attacks, according to security consultant Shawn Merdinger. "The attacker could use those credentials for other attacks like using the company PBX for VOIP Phishing," he says. "Not to mention it's probably the same user password for other access in the organization."
Tools like Sipcrack will become increasingly dangerous, and prevalent, in a world where more and more phones are SIP-complaint. Major networking vendors such as Alcatel (NYSE: ALA; Paris: CGEP:PA), Avaya Inc. (NYSE: AV), and Cisco Systems Inc. (Nasdaq: CSCO) already have phones on the market along with a host of smaller players.
And SIP doesn't stop there. The protocol will also be a key element of future fixed/mobile convergence handsets and network appliances.
All of which likely means that we haven't seen the last of Sipcrack and its ilk.
Dan Jones, Site Editor, Unstrung