DEFCON 20 The End of the PSTN As You Know It

July 5, 2020

>> Mystic Messenger Hack <<

JASON OSTROM SECURITY RESEARCHER, VIPER LAB (VOICE OVER IP EXPLOIT RESEARCH), AVAYA, INC.
KARL FEINAUER VULNERABILITY RESEARCH SOFTWARE ENGINEER, VIPER LAB
WILLIAM BORSKEY SENIOR SECURITY CONSULTANT, VIPER LAB

The PSTN as you know it is changing. In March of 2012, the NSA announced “Project Fishbowl”, a reference architecture for secure mobility VoIP usage on smartphones using WiFi or 3GPP networks. At the same time, mobile carriers in the US (seemingly) ensure that subscribers must purchase voice plans on their smartphones and can’t opt for data only plans – which curtails a compelling option of purchasing a smartphone for data only usage, such as VoIP. Other mysterious clues abound. Since the mid-to-late 90s, users have been able to host their own web and email servers using open standards and DNS for advertisements, peering directly between domains and systems. At the same time, since the early 2000s, the technology and protocols have existed for enabling direct VoIP peering between enterprises, bypassing the PSTN, using DNS SRV records and ENUM – the same way we’ve been using DNS for HTTP and SMTP for years. But why is this seemingly attractive option for cost savings and collaboration not more widely adopted? Surely this is the way VoIP was meant to be used? Or isn’t it?

In this talk, we will explore the so-called market buzz of “UC Federation”. Rather, we will kick this term to the bit bucket, and present an overview of how the industry is deploying these solutions technically. We will take a closer look at the security of being able to use UC between organizations, advertised using DNS, the same way that companies use UC internally for VoIP, HD Video, data sharing, IM & Presence, and collaboration applications. This talk is divided into three sections.

First, we’ll share our research on the state of public SIP peering using DNS SRV. Is SIP peering proliferating? How? What does it mean? Using a PoC research tool, we’ll look at some initial data we’ve found, in order to plot the increase of peering using DNS SRV records for SIP service location advertisement.

Second, we will show the audience findings from our UC “Federation” Honeypot research project. We’ve built a UC solution using a large commercial vendor, and have tested “Federation” with the help of the Global Federation Directory. Just to see what would happen. We’ve also set up a network of cloud based UC Federation honeypots using open source software, to explore attacks against UC Federation Systems.

For more information
To download the video
Playlist DEFCON 20:

>> Mystic Messenger Hack <<