This document introduces Abhijeet Hatekar, a security researcher who works for Microsoft. It discusses his work developing hacking tools like Chupa Rustam for analyzing the security of VoIP phones. Chupa Rustam can crack the passwords on Grandstream video phones and enable unauthorized video streaming by exploiting vulnerabilities. The document urges vendors to improve authentication and documentation, and warns users against reusing passwords or bringing video phones to private spaces. Hatekar is available to answer questions about his research.
38. Survey Facts
The Password leaks some facts ☺
78% of people do not change the default password.
Out of the remaining 22%, 42.98% just increment a number, e.g. Password1, admin2, etc.
Source: Symantec Inc.
75% of social networking username and password samples collected online were identical to those used for email accounts.
69.30% of people write down their password to remember it.
Source: www.securityweek.com
63% of people do not change their password often.
Source: www.cnet.com
42. After burning the midnight oil over a couple of smokes
Grey cells
Packet captures
I found out different interesting configuration variables.
43. The Research:
Mapping Configuration Variables
P2 = password
P97 = iLBC Frame size
P927 = Video packet size
P39 = local RTP port
P928 = ??? <interesting>
44. The Research
These variables correspond to some features directly affecting the Grandstream phone.
Among all the variables, P928 caught my attention because as soon as I set that variable.
46. The Research
• P928 starts RTSP server on phone
• Can stream video from the video phone camera
• User is not aware of this and moreover
• User cannot control it from phone menu
47. Cracking SRTP Authentication
• Phone tries to authenticate the RTSP client
• HTTP digest authentication mode
• QoP is only auth and not auth-int (a little safer)
• Vulnerable to MiTM and password brute force attacks
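The difference between the two QoP values named on this slide, as an added example that is not part of the original slides or of Chupa Rustam: it computes the digest response as defined in RFC 2617 and checks whether the response changes when the message body is altered. The MD5 algorithm (the RFC 2617 default) is an assumption, and the user name, realm, password, nonces and RTSP URI are constructed sample values.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """Request-digest from RFC 2617 section 3.2.2 for qop 'auth' or 'auth-int'."""
    # HA1 is the only term that depends on the password; every other input
    # below travels in clear text in the challenge and Authorization headers.
    ha1 = md5_hex(f"{username}:{realm}:{password}".encode())
    if qop == "auth":
        a2 = f"{method}:{uri}"                    # message body is not covered
    elif qop == "auth-int":
        a2 = f"{method}:{uri}:{md5_hex(body)}"    # hash of the body is covered
    else:
        raise ValueError(f"unsupported qop: {qop}")
    ha2 = md5_hex(a2.encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

# Constructed sample values (not taken from a real phone or packet capture).
SAMPLE = dict(username="admin", realm="example-realm", password="S3cret-example",
              method="DESCRIBE", uri="rtsp://192.0.2.10/",
              nonce="5f2a9c0e", nc="00000001", cnonce="0a4f113b")

def body_is_protected(qop: str) -> bool:
    """True if changing the message body changes the digest response."""
    original = digest_response(qop=qop, body=b"original body", **SAMPLE)
    tampered = digest_response(qop=qop, body=b"tampered body", **SAMPLE)
    return original != tampered

if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(qop, "covers the body:", body_is_protected(qop))
```

With `auth` the response stays valid after the body is modified in transit, and in both modes the password is the only input that is not visible on the wire, so its strength is what stands between a captured exchange and the credential.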
48. So far I have not seen this
room getting into
the sleeping zone…
I believe then it’s not that
boring ☺
57. Lessons Learned for Vendors
• Use strong authentication mechanisms
• Document all features and secure them
• Provide features only if necessary
58. Lessons Learned for End Users
• Change default passwords to something better than alphanumeric
• There is no fix for human stupidity
DON’T bring video phones to your bedroom ☺
59. How can I get Chupa-Rustam?
http://tools.chackraview.net/chuparustam