During a presentation at the annual gathering of security experts at Caesar's Palace,
Sipera revealed a technique that allowed it to take remote control of a vulnerability of a PC running VoIP and the Session Initiation Protocol (SIP).
SIP is an application-layer control protocol used to create, modify and terminate sessions in IP PBX, VoIP and other technologies.
The company's VIPER Lab research unit was able to take command of a PC running a soft phone VoIP application and cross "boundaries" into the data stored on the system. It did so by injecting a buffer overflow with an executable inside it during an SIP-initiated call, according to Eric Winsborrow, Sipera's chief marketing officer.
The technique takes advantages of flaws in VoIP and SIP, he said. SIP and soft clients, software such as the one shipped with Microsoft's Office Communication Server (OCS), use TCP ports 5060 and 5061, which are always open, unlike HTTP, which opens and closes port 80 as necessary.
That always-on state creates new threats with the potential for stealing data from a laptop running a soft phone, Krishna Kurapati, Sipera's founder and CTO, told SCMagazine.com. Notably, the vulnerabilities -- and Sipera said it has uncovered more than 20,000 potential issues within VoIP – aren’t detected or stopped by traditional anti-virus products, he added.
VoIP's vulnerable nature has ramifications as enterprises begin to move beyond what Sipera called VoIP 1.0 – VoIP running on a company's internal wide-area networking (WAN) infrastructure – and out onto the Internet. That environment, which Sipera called VoIP 2.0, will allow remote employees to access the corporate network from PC-based soft phones via the open Internet.
In VoIP 2.0 systems, a soft phone-resident PC taken over remotely via a vulnerability such as a buffer overflow could be used to take over the PC to open files or gain access to the data resources within an enterprise, Winsborrow said. This should be a "huge scare" for chief security officers, he added.