Bugtraq mailing list archives
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability
From: Atom Smasher <atom () smasher org>
Date: Wed, 9 Mar 2005 14:26:57 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 thinking out loud.... 1) does the ATA connect to the server by resolving a hostname?2) how do the ATA and server authenticate each other? is there any authentication?
3) is traffic between the ATA and server encrypted? how is key-exchange handled?
part of the ATA configuration allows one to select DNS servers. this is normally done via DHCP, but may be entered manually. it may be possible for an attacker to change the DNS servers (to point to compromised DNS servers), become the "VoIP service provider" and intercept phone calls. this is, of course, a version of the man in the middle attack. depending on what (if any) authentication and/or encryption is done between the ATA and the server this may well be practical in the real-world.
if anyone has access to one of these ATAs (or similar) and some time do to any packet sniffing and traffic analysis i'm sure we'd all be curious what you find...
references: http://securityfocus.com/archive/1/392628/2005-03-06/2005-03-12/1- -- ...atom
_________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- An Inuit hunter asked the local missionary priest: "If I did not know about God and sin, would I go to hell?" "No," said the priest, "not if you did not know." "Then why," asked the Inuit earnestly, "did you tell me?" -- Annie Dillard, Pilgrim at Tinker Creek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJCL04GAAoJEAx/d+cTpVcivvMH/2imMlEyp6lZS1NuQnJGcl5f yO9HzfhlInkkGbiLV/zjdjZ2xiYwABG/01n1ZOEsyNeWvC+lG1ceS3K2utq7TRJj gYujoox4YRq3fzUDQyFxlN8aHm5h+1urD2AXqxXJjEPd7bMaZOVoCI4Y5Kk45OB4 IOeXj2WcCa3vXLQ0a2LpuydhsaPK0fzut+XjmGolquVEMBwYruhsRS0ysEKD9+SE snAB4T08bJScDMOoAYGgQ2nTmMKDeBdEdZPHxOgdaGtuRBoNWLtFl3KAyWNs2TLP Mqo8DvoEF34gTd2apF8J2M6xKfgg4XS5gDRUZ9/SpuP+Dc69NdKraLyTZh2grVM= =f03j -----END PGP SIGNATURE-----
Current thread:
- Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 07)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 08)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 10)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 11)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)