informa
3 min read
article

Researchers Find Flaws In Microsoft VoIP Apps

Vulnerabilities could lead to denial-of-service attacks, researchers say
Security researchers say they have discovered several vulnerabilities in Microsoft applications that work with voice over IP (VoIP).

VoIPshield Laboratories, a new research division at VoIPshield Systems, says the new vulnerabilities affect applications that use media stream protocols like Real-time Transport Protocol (RTP), a popular standardized packet format for delivering audio and instant messaging over the Internet. The vulnerabilities could allow attackers to launch denial-of-service (DoS) attacks -- not only against the Microsoft applications, but against the entire desktop environment, the researchers say. The vulnerabilities affect Office Communications Server 2007, Office Communicator, and Windows Live Messenger, all of which offer software-driven VoIP capabilities and use RTP to deliver the content of the message. Microsoft estimates there are approximately 250 million users of these applications "Most of the attention in enterprise VoIP security has been paid to the control channel, where SIP and other signaling protocols are used," said Ken Kousky, CEO of security research and analysis firm IP3, and adviser to the VoIP Lab at Illinois Institute of Technology. "Until now, the media stream has been largely ignored by the security community as a source of malicious activity. But attacks from these vectors have the potential to be dangerously persistent and widespread." The vulnerabilities are "just the tip of the iceberg," said Andriy Markov, director of VoIPshield Labs. "Although they are specific to Microsoft's applications, similar flaws exist in other VoIP vendors' products. And many other media stream attacks exist that have more severe implications than service availability," he said. "We're presently validating new research that shows an attacker can gain unauthorized access to an unsuspecting user's laptop by manipulating the packets of a VoIP phone call. We believe that these attacks can even be made to traverse a [public switched telephone network] gateway." VoIPshield says it has disclosed the full details of the vulnerabilities to the affected vendors, but it will not be providing details publicly. Securing the media stream is particularly challenging because once the messaging session is established, the flow of voice packets is not always monitored and managed by the call server, VoIPShield says. "Media traffic, whether it's voice or video, can travel peer-to-peer," Kousky notes. "Security practitioners have historically considered blocking peer-to-peer traffic as the best protection practice. Unfortunately, for voice packets, that strategy doesn't work." Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message