Skip to main content

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5310))

Abstract

IP phones are an essential component of any VoIP infrastructure. The hardware constraints and newness of these devices, as compared to mature desktop or server systems, lead to software development focused primarily on features and functionality rather than security and dependability. While several automated tools exist to test the security of IP phones, these tools have limitations and can not provide a strong guarantee that a particular IP phone is secure.

Our work evaluates the attack resilience of a widely deployed IP phone, the Cisco 7960G, employing techniques such as: vulnerability scans, fuzz tests, and static binary analysis. While the first two techniques found no vulnerabilities, the static analysis of the firmware image revealed critical vulnerabilities and fundamental software design flaws. We conclude that security designs proven useful in desktop and server software architectures should similarly appear as part of the software design for devices such as IP phones.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bell, A.G.: Improvement in telegraphy. United States Patent #174,465 (March 1876)

    Google Scholar 

  2. Prevelakis, V., Spinellis, D.: The Athens affair. IEEE Spectrum 44(7) (July 2007)

    Google Scholar 

  3. Arkin, O.: The trivial Cisco IP phones compromise. Whitepaper, The Sys-Security Group (September 2002)

    Google Scholar 

  4. Cisco Security Advisory: Cisco unified IP phone overflow and denial of service vulnerabilities (2008), http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml

  5. Cisco Press Release: Cisco sells its 6 millionth IP phone as worldwide demand soars for IP communications (September 2005)

    Google Scholar 

  6. Kuhn, D., Walsh, T., Fries, S.: Security Considerations for Voice Over IP Systems. US Dept. of Commerce, National Institute of Standards and Technology (2005)

    Google Scholar 

  7. Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley, Reading (2004)

    Google Scholar 

  8. Raghunathan, A., Ravi, S., Hattangady, S., Quisquater, J.-J.: Securing mobile appliances: new challenges for the system designer. In: Design, Automation and Test in Europe, Munich, Germany (March 2003)

    Google Scholar 

  9. Kocher, P., Lee, R., McGraw, G., Raghunathan, A., Ravi, S.: Security as a new dimension in embedded system design. In: Design Automation Conference, San Diego, CA (June 2004)

    Google Scholar 

  10. Secunia: Cisco IP phone 7960—vulnerability report (2007), http://secunia.com/product/287/?task=advisories

  11. VoIPSA: Voip security tool list (2007), http://www.voipsa.org/Resources/tools.php

  12. Abdelnur, H., State, R., Festor, O.: KiF: A stateful SIP fuzzer. In: 1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm), New York (July 2007)

    Google Scholar 

  13. Cisco SIP IP Administrator Guide, Version 8.0 (2007), http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/sip/8_0/english/administration/guide/8_0.html

  14. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: RFC3261: SIP: Session initiation protocol (2002)

    Google Scholar 

  15. Miller, B.P., Fredriksen, L., So, B.: An empirical study of the reliability of UNIX utilities. Communications of the ACM 33(12) (December 1990)

    Google Scholar 

  16. State, R.: Cisco phone 7940 remote DOS. CVE-2007-5583 (2007)

    Google Scholar 

  17. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX Security Symposium, San Antonio, TX (January 1998)

    Google Scholar 

  18. Fogie, S.: Embedded reverse engineering: Cracking mobile binaries. In: Defcon 11, Las Vegas, NV (2003)

    Google Scholar 

  19. Abdelnur, H., State, R., Chrisment, I., Popi, C.: Assessing the security of VoIP services. In: 10th IFIP/IEEE International Symposium on Integrated Network Management, Munich, Germany (May 2007)

    Google Scholar 

  20. McGann, S., Sicker, D.C.: An analysis of security threats and tools in SIP-based VoIP systems. In: 2nd Workshop on Securing Voice over IP, Cyber Security Alliance, Washington, DC (June 2005)

    Google Scholar 

  21. San.: Hacking Windows CE. In: Defcon 13, Las Vegas, NV (2005)

    Google Scholar 

  22. Hurman, T.: Exploring Windows CE shellcode. Whitepaper, Pentest Limited (June 2005)

    Google Scholar 

  23. Mulliner, C.: Advanced attacks against PocketPC phones. In: Defcon 14, Las Vegas, NV (2006)

    Google Scholar 

  24. FX.: Attacking networked embedded systems. In: Black Hat Windows Security, Seattle, WA (February 2003)

    Google Scholar 

  25. FX.: More embedded systems. In: Black Hat USA, Las Vegas, NV (July 2003)

    Google Scholar 

  26. Lynn, M.: The holy grail: Cisco IOS shellcode and exploitation techniques. In: Black Hat USA, Las Vegas, NV (July 2005)

    Google Scholar 

  27. Barnaby, J.: Exploiting embedded systems. In: Black Hat Europe, Amsterdam, Netherlands, February/March (2006)

    Google Scholar 

  28. Grand, J.: Introduction to embedded security. In: Black Hat USA, Las Vegas, NV (July 2004)

    Google Scholar 

  29. O’Connor, B.: Vulnerabilities in not-so embedded systems. In: Black Hat USA, Las Vegas, NV, July/August (2006)

    Google Scholar 

  30. Verma, A.: IP phone security: Packet filtering protection against attacks. Texas Instruments White Paper (2006)

    Google Scholar 

  31. Shao, Z., Xue, C., Zhuge, Q., Qiu, M., Xiao, B., Sha, E.H.M.: Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software. IEEE Transactions on Computers 55(4) (April 2006)

    Google Scholar 

  32. Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 14(12) (December 2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dacosta, I., Mehta, N., Metrock, E., Giffin, J. (2008). Security Analysis of an IP Phone: Cisco 7960G. In: Schulzrinne, H., State, R., Niccolini, S. (eds) Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks. IPTComm 2008. Lecture Notes in Computer Science, vol 5310. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89054-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-89054-6_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89053-9

  • Online ISBN: 978-3-540-89054-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics