44CON 2019 has ended
Back To Schedule
Thursday, September 12 • 13:30 - 14:29
Phillip Roskosch & Stephan Huber - Dial V for Vulnerable: Attacking VoIP Phones

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
More and more everyday objects become “smart” and get connected to the internet. VoIP phones are among the oldest class of smart devices. Despite new phones being constantly released, most of these devices contain cheap hardware components and badly programmed software. Their state of security is often questionable, or worse. We show that most phones suffer from serious security flaws that allow attackers to gain full control of these devices. Such hijacked devices not only allow the attacker to eavesdrop on all communication, but can serve as an entry point for further attacks to the internal networks they are connected to.

VoIP phones can be found on each enterprise desk, in critical infrastructure buildings, at home and other places where phone communication is required. Therefore, security flaws on such a device can have far-reaching consequences, especially when transmitting sensitive or private information. We present critical vulnerabilities and various classes of security flaws that allow an attacker to fully compromise the respective device. We were able to cause a denial of service, to eavesdrop on conversations, and to gain remote code execution on the phone.

In our investigation, we focused on the web-based user interface that most phones provide for configuration and management purposes. We present different test setups for analyzing the software running on those phones, including emulation and live debugging. Furthermore, we reveal strategies and tools for finding these flaws.

To complete the presentation, we compare our manually detected vulnerabilities to results of different automated firmware security analysis systems. As we show, automated scanners are unable to find most of these vulnerabilities and leave systems widely unprotected.


Phillip Roskosch

Philipp is a security researcher of the department Secure Software Engineering at Fraunhofer SIT (Germany). His research interests center on static and dynamic security analysis in the area of mobile apps and IoT devices. Besides research, he is a penetration tester in the same field... Read More →

Stephan Huber

Stephan is a security researcher at the Testlab mobile security group at the Fraunhofer Institute for Secure Information Technology (SIT). His main focus is Android application security testing and developing new static and dynamic analysis techniques for app security evaluation... Read More →

Thursday September 12, 2019 13:30 - 14:29 BST
* Track 2 *