Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

The femtocell, prime time or bad time?

I fancy the idea of femtocells, taking the wireless traffic down into “earth” as fast as possible, but is this femtocell effort just too late?

I have a NEC G3 femtocell to test out. It can do 3G with speeds up to 14 Mbit, and handle 4 or 8 (license issue…) concurrent calls. According to the manual, the range is approx. 25 metres indoors and 150+ metres outdoors.
The price is estimated to approx 200 USD for the devices at the moment.

But how can this match a WiFi access point already capable of 300 Mbit and costing a fifth of it?

It is still sensible, since these address different service markets at the moment, but these services will be Internet based, and then who cares if you use 3G/4G/5G or your WiFi? It should only give you Internet access to all your over-the-top services. And the mobile operator will be just another access provider….

M2M is ramping up

And then a new era has arrived, the time of the machines. No, they will not take over the world today, but start helping you out more and more with your life. All those little things..

From the robot vacuum cleaner (I’ve had one for 5 years already) to the built-in intelligence in the microwave, more and more technology around you will get connected. Just like Web 2.0 brought the social web to the Internet for human beings, M2M (machine to machine) communication will get a lot of your technology gadgets to talk to each other, cooperate and give you an even better service.

Detecting phrases in an encrypted VoIP call

Even if you use an encrypted VoIP connection, the content of your call can be picked up by analyzing the timing and size of the encrypted traffic. The attack depends on the call using a Variable Bit Rate (VBR) codec, which compresses only the speech that is actually said. If you use encryption on G.711 with no Voice Activity Detection (VAD) enabled (just a continuous stream of data), this phrase recognition is not possible.

This shows that you need to see the “whole” picture when securing your communication.

The full paper is here for more information.

There is also a 27-page presentation here.
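A quick way to check whether one of your own encrypted call legs still exposes the size and timing signal described above. This is an added example, not code from the paper or the original post; the traces are constructed, and the entropy and gap measures are simple screening heuristics chosen here as assumptions.

```python
from collections import Counter
from math import log2

def size_entropy(sizes):
    """Shannon entropy, in bits per packet, of the payload-size distribution."""
    n = len(sizes)
    return sum(c / n * log2(n / c) for c in Counter(sizes).values())

def silence_gaps(times_ms, ptime_ms=20, slack_ms=5):
    """Count inter-packet gaps longer than one packetisation interval.
    With VAD / silence suppression the sender stops transmitting between words."""
    return sum(1 for a, b in zip(times_ms, times_ms[1:]) if b - a > ptime_ms + slack_ms)

def assess(stream, ptime_ms=20):
    """stream: list of (arrival_ms, encrypted_payload_bytes) for one direction of a call."""
    h = size_entropy([size for _, size in stream])
    gaps = silence_gaps([t for t, _ in stream], ptime_ms)
    return {"entropy_bits": round(h, 3), "silence_gaps": gaps, "leaks": h > 0 or gaps > 0}

def pad(stream, block):
    """Pad every payload up to a multiple of `block` bytes (closes the size channel only)."""
    return [(t, -(-size // block) * block) for t, size in stream]

# Constructed traces, 20 ms packetisation. Sizes are illustrative, not measured.
CBR = [(i * 20, 160) for i in range(48)]                      # G.711-style, no VAD
VBR = [(i * 20, (20, 28, 38, 46)[i % 4]) for i in range(48)]  # size follows the speech
VAD = [(t, 160) for t in (0, 20, 40, 400, 420, 440)]          # constant size, one pause

if __name__ == "__main__":
    for name, s in (("CBR", CBR), ("VBR", VBR), ("VAD", VAD), ("VBR padded", pad(VBR, 64))):
        print(name, assess(s))
```

Only the constant-size, gap-free stream reports no leak; padding the VBR trace removes the size signal but would not hide pauses introduced by VAD.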

GSoC project -> Dionaea with SIP

Are you a student in need of a summer job and interested in VoIP?

Apply to become a Google Summer of Code student and help the Honeynet Project to improve the SIP module for Dionaea!

Join the IRC channel on freenode for any questions on channel #gsoc-honeynet (web client available here)


The great MeshPotato

A great introduction to the MeshPotato!

The MeshPotato is a start-up kit for any community to take charge of their own Internet and Telephony infrastructure! I love it!

Another day, another VoIP fraud (just 13 000 USD..)

This time it was H.323 on a Cisco CallManager which was exploited in some way. My personal guess is just bad configuration, but maybe there is a bug in it as well. From a mailing list:

A company we work closely with, but is not our customer, had their Cisco
Call Manager hacked due to some h.323 vulnerability that I don’t have
full details on yet.  There were a number of calls placed to:


My findings indicate these are Globalstar satellite numbers that cost
somewhere between $4 and $7/minute to call, depending on carrier.  The
victim’s carrier is billing them at $6.50.  The total bill for the event
is around $13k.  This is a small company that can’t really afford this.

If I had a small company and connected to a carrier, I would demand credit limits. It is the same reason I would not have a 1 million credit limit on my credit cards. Check that your VoIP carrier has effective credit limits!

And another 100 000 dollar fraud this weekend..

From one of the mailing lists:

Recently we have been hit by the attackers during the weekend causing more
than 100 K USD bill
They were dialing payphone type numbers, “dial to win”, by compromising one of
our DID number.
Mostly calls were placed to Lithuania and Sierra Leone.
But guys buckle up, there are some gangs using sophisticated mechanisms to
get into IP PBX systems
Remove all NAT with local IPs, block SIP ports and h.323 ports, if u r using
cisco upgrade to v15.12T.
add trusted gateway list.

One way to document and block hackers is to implement a VoIP Abuse list.
Have a look at the VoIP Abuse Blacklist implementation.

But the Romanians keep hacking..

32 people were apprehended in Romania, but the VoIP hacking continues from this country. Low wages, highly educated people and not too many jobs often force people to start hacking, combined with a low risk of being caught.

This was from an IP caught in a SIP honeypot belonging to the Honeynet Project.

REGISTER sip:IP.removed SIP/2.0
Via: SIP/2.0/UDP;rport;
From: <sip:1234@IP.removed>;tag=3202
To: <sip:1234@IP.removed>
Call-ID: 14862
Contact: <sip:1234@>
Max-Forwards: 70
User-Agent: Linphone/ (eXosip2/3.3.0)
Expires: 3600
Content-Length: 0

The normal procedure is to use SIPVicious to do the scanning, then use Linphone or another softphone to test whether you can dial out on the discovered IP PBX.

VoIP admins, do a pen-test on your own system and lock it down. This is, sadly, just the start….
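Detection logic for the scan-then-dial pattern described above, run over honeypot or PBX request logs. This is an added example, not the Honeynet Project's code; the sample requests and IP addresses are constructed, the threshold is an assumption, and the watched prefixes are the country codes of Sierra Leone (232) and Somalia (252), destinations named on this page.

```python
import re
from collections import defaultdict

# "friendly-scanner" is the default User-Agent sent by SIPVicious.
SCANNER_UA = re.compile(r"friendly-scanner|sipvicious", re.I)
WATCHED_PREFIXES = {"232": "Sierra Leone", "252": "Somalia"}
INTL = re.compile(r"^(?:\+|00|011)(\d+)")  # common international dial prefixes

def _msg(method, user, ua):
    """Build a constructed sample request (192.0.2.10 stands in for the PBX)."""
    return (f"{method} sip:{user}@192.0.2.10 SIP/2.0\r\nTo: <sip:{user}@192.0.2.10>\r\n"
            f"User-Agent: {ua}\r\nContent-Length: 0\r\n\r\n")

# Constructed events: (source IP, raw request).
SAMPLE = [("203.0.113.7", _msg("REGISTER", e, "friendly-scanner")) for e in ("100", "101", "102")] + [
    ("203.0.113.9", _msg("INVITE", "00232761234", "Linphone/ (eXosip2/3.3.0)")),
    ("198.51.100.20", _msg("REGISTER", "1234", "Linphone/ (eXosip2/3.3.0)")),
]

def parse(raw):
    """Return (method, request-URI user, lower-cased header dict); any body is ignored."""
    lines = re.split(r"\r?\n\r?\n", raw.strip(), maxsplit=1)[0].splitlines()
    method, uri, _ = lines[0].split(" ", 2)
    user = uri.split(":", 1)[1].split("@")[0] if "@" in uri else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, user, headers

def analyse(events, enum_threshold=3):
    """Return {source_ip: sorted list of reasons the source looks hostile}."""
    ext_seen, findings = defaultdict(set), defaultdict(set)
    for src, raw in events:
        method, user, hdr = parse(raw)
        if SCANNER_UA.search(hdr.get("user-agent", "")):
            findings[src].add("scanner user-agent")
        if method == "REGISTER":
            m = re.search(r"sip:([^@>]+)@", hdr.get("to", ""))
            if m:
                ext_seen[src].add(m.group(1))
            if len(ext_seen[src]) >= enum_threshold:
                findings[src].add("extension enumeration")
        elif method == "INVITE" and (m := INTL.match(user)):
            for prefix, country in WATCHED_PREFIXES.items():
                if m.group(1).startswith(prefix):
                    findings[src].add(f"call attempt to {country}")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}
```

A single Linphone REGISTER, like the capture above, is not flagged on its own because the User-Agent is that of an ordinary softphone; it is the enumeration and the dial-out attempt that mark a source.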

VoIP hacking is a BIG industry! 32 people apprehended in Romania

This morning, the Directorate for Combating Organized Crime and Terrorism (DIICOT) in Romania conducted 42 raids, identifying 32 people specializing in VoIP hacking.

The numbers so far are 11.5 million euros in fraudulent VoIP traffic from this group. The group made around 10% of this amount from their premium numbers.

The main technique seemed to be to establish premium numbers in Sierra Leone, Somalia, Austria, Latvia, North Korea, Zimbabwe, Madagascar, Belarus, etc., and cash in on calls to these destinations.

This correlates to attacks we have seen, calls trying to go to Somalia and Sierra Leone on our VoIP honeypots (but of course they were not successful).

This only confirms that there is major money in VoIP hacking and that this is not single persons doing it but organized crime. I’m afraid this is just the beginning.

Original link

Link translated to English

Sandro Gauci has written more about it here

Another day, another fraud

Another day, another fraud… and there will be more… imagine your company getting hit with a 100 000 USD bill from your telco company? Who to blame?
Here is one company which did…

If you get a SIP trunk from a VoIP provider, make sure they have fraud management and credit limits!
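What a carrier-side credit limit does to an event like the Globalstar one earlier on this page, and the check to ask your SIP trunk provider about. This is an added example, not any carrier's implementation; the call records are constructed (100 calls of 20 minutes at the $6.50/minute rate quoted above, $13,000 in total) and the $500 limit and 24-hour window are assumptions.

```python
from collections import defaultdict

def authorise_calls(cdrs, credit_limit, window_s=86400):
    """Replay call attempts in time order against a rolling per-account spend cap.

    cdrs: (start_epoch_s, account, rate_per_min_usd, minutes) tuples.
    Returns (billed_usd, blocked_usd), each a dict keyed by account.
    """
    history = defaultdict(list)   # account -> [(start, cost)] of authorised calls
    billed = defaultdict(float)
    blocked = defaultdict(float)
    for start, account, rate, minutes in sorted(cdrs):
        # Spend already authorised inside the rolling window.
        recent = sum(cost for t, cost in history[account] if start - t < window_s)
        headroom = max(0.0, credit_limit - recent)
        # Authorise whole minutes only; the call is cut when the cap is reached.
        allowed = min(minutes, int(headroom // rate))
        cost = allowed * rate
        if allowed:
            history[account].append((start, cost))
        billed[account] += cost
        blocked[account] += (minutes - allowed) * rate
    return dict(billed), dict(blocked)

# Constructed weekend burst: one 20-minute call every 5 minutes, 100 calls.
RATE = 6.50
CDRS = [(i * 300, "acct-1", RATE, 20) for i in range(100)]

if __name__ == "__main__":
    billed, blocked = authorise_calls(CDRS, credit_limit=500.0)
    print(f"billed  ${billed['acct-1']:,.2f}")
    print(f"blocked ${blocked['acct-1']:,.2f}")
```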