Navigation MenuRealWire Limited

Delivering Relevance, Releasing Influence

Tweet Facebook LinkedIn
Press Release

Context warns of VoIP wars at Black Hat USA


Fatih Ozavci from Context Information Security highlights risks of growing VoIP attack surface and threats

August 4, 2016: With more organizations turning to VoIP (Voice over Internet Protocol) and cloud-based Unified Communications (UC) systems to underpin their commercial services and corporate communications, IT response and security testing teams are struggling to keep pace with the VoIP attack surface and growing number of threats in the wild, according to Fatih Ozavci from Context Information Security, speaking at the Black Hat USA conference today.

Fatih Ozavci, Context Information Security
Fatih Ozavci, Context Information Security

“A lack of understanding of modern VoIP and UC security, means that many service providers and businesses are leaving themselves at risk to threat actors repurposing this exposed infrastructure for attacks such as botnets, malware distribution, vishing, DoS and toll fraud,” said Ozavci.

Ozavci points to potential vulnerabilities in major UC product suites and IMS platforms, such as bypassing security measures, injecting malicious content to messaging, caller identity spoofing and billing bypass, along with problems caused by insecure configurations. “By exploiting these vulnerabilities, attackers could gain unauthorized access to client systems or communication services such as conference and collaboration, voicemail, SIP trunks and instant messaging,” said Ozavci.

The BlackHat presentation highlights weaknesses in UC messaging, federated communications and collaboration services that could be used to gain unauthorized access to the UC environment and client systems, as well as attacking client systems using signaling protocols and messaging. “These attacks can be used to compromise the client systems connected using protocol and software vulnerabilities,” said Ozavci, adding, “Dial plans, misconfigured SIP trunks, conference and network infrastructures are also major targets for advanced attacks.”

The Context researcher has also looked at media transport protocols such as (S)RTP for voice calls, file, desktop and presentation sharing. The media transmitted may have confidential or sensitive information, which can be an object of PCI, COBIT or compliance requirements such as credit card information on calls to IVR services or customer privacy information.

“Due to insecure encryption and design issues, sensitive information in the media that’s been transmitted can be exposed and compromised,” said Ozavci.

To help raise awareness of these VoIP and UC vulnerabilities, Ozavci has developed open source tools Viproxy and Viproy that can be used for VoIP penetration testing. These are available at:

Fatih Ozavci is speaking at Black Hat USA, Thursday, August 4, 2:30pm-3:20pm

About Fatih Ozavci
Fatih Ozavci is a managing consultant with Context Information Security and the author of the Viproy VoIP Pen-Test Kit, Viproxy MITM analyzer and the VoIP Wars research series. He has fifteen years’ experience in information security as a leading security consultant, researcher and instructor. His current research is focused on securing IMS and UC services, IPTV systems, mobile applications, mobility security testing, hardware hacking and BYOD/MDM analysis. He has discovered previously unknown (zero-day) security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments and has published several security advisories for SAP Netweaver, Clicksoft Mobile, Cisco CUCM/CUCDM and Microsoft Skype for Business platforms.

About Context
Established in 1998, Context’s client base includes some of the world’s most high profile blue chip companies, alongside public sector and government organizations, for technical assurance, incident response and investigation services. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents. Context is also at the forefront of research and development in security technology. Context delivers a comprehensive portfolio of advanced technical services and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.

For more information for editors, please contact:
Peter Rennison / Sam Morgan
PRPR, Tel + 44 (0)1442 245030 /