Computer Security Rants & Reverse Engineering

Wednesday, December 7, 2011

Repulbic Security...

Well a quick look at some packet captures doesn't give me the warm fuzzies about republic's VoIP over WiFi implementation. Or maybe thats unfair, its just that its exactly as I feared, VoIP over WiFi with pretty much no security.

All of their SIP packets seem to go in the clear, same with the RTP (voice transport). I see some SSL traffic to EC2 instances.

Checking the IPs for most of the DNS resolves in the capture, shows that most (all) of the republic stuff is in EC2.

For reference they're using G.711 PCMU for voice.

I haven't quite figured out SMSes, at I think they're going through SSL (based on the timing)..

They're using their service for all of the SIP stuff -- also in EC2.

The device does a DNS query for -- all of the HTTPS traffic appears associated with the IPs this resolves to.

Short answer: Don't use WiFI calling on public, or unencrypted WiFi, as people can really easily sniff your traffic -- yes, I mean listen to your calls, steal your SIP creds, etc. 

WEP does not count as encryption in my book, use WPA2/AES.

A suggestion to the republic folks? Enable cyrpto or disable WiFi calling when on unencrypted networks. I'd sooner the former than the latter.

I'd post my captures, but I really don't feel like hanging that kind of data about me out there.

Sorry guys.

No comments:

Post a Comment