Multiple Vulnerabilities Uncovered In FreeSwitch, Telecoms Stack Software

BACKGROUND:

It has been reported that security researchers have gone public about a set of five vulnerabilities in telecoms stack software FreeSwitch. The quintet of flaws – all discovered by a team from German telecoms security consultancy Enable Security – lead to denial of service, authentication problems and information leakage for systems running FreeSwich.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Rahim Jina
Rahim Jina , COO and Co-founder
InfoSec Expert
November 2, 2021 11:54 am

<p>Abuse of SIP is not something new. In fact SIP products, both end-user devices and the infrastructure that enables SIP phone calls, have been subject to a wide range of attacks since their adoption and growth in popularity.</p>
<p>Like any software product, IP telephony in general is subject to the same problems with software bugs as any other software stack. The added complexity of these systems adds to this, as there are often many different protocols being layered upon each other – there are simply so many parts of this beast to attack, from web to end-user-device, to supporting infrastructure. SIP products have traditionally been poor on providing robust security controls. Hacking phone infrastructure is still popular, as the end result can be interesting – from eavesdropping on calls to being able to place arbitrary phone calls on someone else\’s dime.</p>

Last edited 1 year ago by Rahim Jina
1
0
Would love your thoughts, please comment.x
()
x