Abstract
IP phones are an essential component of any VoIP infrastructure. The hardware constraints and newness of these devices, as compared to mature desktop or server systems, lead to software development focused primarily on features and functionality rather than security and dependability. While several automated tools exist to test the security of IP phones, these tools have limitations and cannot provide a strong guarantee that a particular IP phone is secure.
Our work evaluates the attack resilience of a widely deployed IP phone, the Cisco 7960G, employing techniques such as vulnerability scans, fuzz tests, and static binary analysis. While the first two techniques found no vulnerabilities, the static analysis of the firmware image revealed critical vulnerabilities and fundamental software design flaws. We conclude that security designs proven useful in desktop and server software architectures should similarly appear as part of the software design for devices such as IP phones.
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dacosta, I., Mehta, N., Metrock, E., Giffin, J. (2008). Security Analysis of an IP Phone: Cisco 7960G. In: Schulzrinne, H., State, R., Niccolini, S. (eds) Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks. IPTComm 2008. Lecture Notes in Computer Science, vol 5310. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89054-6_12
DOI: https://doi.org/10.1007/978-3-540-89054-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89053-9
Online ISBN: 978-3-540-89054-6
eBook Packages: Computer Science, Computer Science (R0)