Tags › sip security
Attacking a real VoIP System with SIPVicious OSS
Published on Jun 8, 2020 in sipvicious oss, security tools, sip security
Recently, we put out a target server on the Internet at demo.sipvicious.pro which hosts a Kamailio Server handling SIP over UDP, TCP, TLS as well as WebSockets. Behind that, the observant reader will soon discover that an Asterisk server handles the voicemail and echo services. This is actually a fully functioning (real) VoIP system that’s ready to be attacked. Therefore, in combination, these software packages allow us to reproduce a number of common security vulnerabilities affecting VoIP and WebRTC systems.…
A gentle introduction to caller ID spoofing
Published on May 7, 2020 in caller id spoofing, sip security
Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…
If SIPVicious gives you a ring…
Published on Dec 10, 2012 in asterisk, cyber crime, sip security, sipvicious oss, security tools
Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on the social media and Google alerts for SIPVicious and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean twitter users (who have their service with KT, a VoIP service provider) complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…