Multiple Vulnerabilities Uncovered In FreeSwitch, Telecoms Stack Software

BACKGROUND:

It has been reported that security researchers have gone public about a set of five vulnerabilities in telecoms stack software FreeSwitch. The quintet of flaws – all discovered by a team from German telecoms security consultancy Enable Security – lead to denial of service, authentication problems and information leakage for systems running FreeSwich.

Experts Comments

November 02, 2021
Rahim Jina
COO and Co-founder
Edgescan

Abuse of SIP is not something new. In fact SIP products, both end-user devices and the infrastructure that enables SIP phone calls, have been subject to a wide range of attacks since their adoption and growth in popularity.

Like any software product, IP telephony in general is subject to the same problems with software bugs as any other software stack. The added complexity of these systems adds to this, as there are often many different protocols being layered upon each other - there are simply

.....Read More

Abuse of SIP is not something new. In fact SIP products, both end-user devices and the infrastructure that enables SIP phone calls, have been subject to a wide range of attacks since their adoption and growth in popularity.

Like any software product, IP telephony in general is subject to the same problems with software bugs as any other software stack. The added complexity of these systems adds to this, as there are often many different protocols being layered upon each other - there are simply so many parts of this beast to attack, from web to end-user-device, to supporting infrastructure. SIP products have traditionally been poor on providing robust security controls. Hacking phone infrastructure is still popular, as the end result can be interesting - from eavesdropping on calls to being able to place arbitrary phone calls on someone else's dime.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.