Georgia Institute of Technology
College of Computing

Jonathon Giffin

Security analysis of an IP phone: Cisco 7960G


Italo Dacosta, Neel Mehta, Evan Metrock, and Jonathon Giffin.
In Principles, Systems and Applications of IP Telecommunications (IPTComm).
Heidelberg, Germany, July 2008.

IP phones are an essential component of any VoIP infrastructure. The hardware constraints and newness of these devices, as compared to mature desktop or server systems, lead to software development focused primarily on features and functionality rather than security and dependability. While several automated tools exist to test the security of IP phones, these tools have limitations and cannot provide a strong guarantee that a particular IP phone's software is secure. Our work is an experimental study that evaluates the attack resilience of a widely deployed IP phone—the Cisco 7960G running Session Initiation Protocol (SIP) firmware. We employed techniques typically used to evaluate the security of general-purpose software: vulnerability scanners, fuzzing tools, and static binary analysis. While the first two techniques found no vulnerabilities, the static analysis of the firmware image revealed critical vulnerabilities and fundamental software design flaws that would allow a remote attacker to take complete control of the device. We conclude with arguments that security designs proven useful in desktop and server software architectures should similarly appear as part of embedded software design for devices such as IP phones.

Paper: [pdf]