Trustwave Researchers Sound Alarm on VoIP Backdoor

March 07, 2017
By Steve Anderson - Contributing Writer

The notion that our devices may well be spying on our online and connected activities is at once horrifying and all too plausible. Yet that is what Trustwave researchers recently reported finding in the Voice over Internet Protocol (VoIP) devices released by DBL Technology, a Chinese manufacturer. The devices were found to contain a hidden backdoor, one that may have left purchased devices vulnerable to intrusion not only from hackers but also from the manufacturer itself.

The VoIP devices in question were subject to issues in the authentication process, reports noted, which gave remote attackers the potential to create a shell with root privileges. With such privileges in place, the malicious user could then monitor traffic and perform other functions on the device.

Neil Kettle, a researcher with Trustwave, offered further explanation, pointing out that the system did well in offering two specific kinds of login: “ctlcmd” and “limitsh.” Those logins are connected to the system's Telnet interface and commonly provide very limited information about the device itself. Good steps, Kettle noted, but there is a problem: provision is also made for an undocumented user called “dbladm,” one that offers shell access at the root level. Worse, “dbladm” isn't protected by a standard password, but rather by a challenge-response measure that seems to be known only to DBL Technology.

Kettle noted, “Investigation has shown this scheme to be fundamentally flawed in that it is not necessary for a remote user to possess knowledge of any secret besides the challenge itself and knowledge of the protocol/computation.”
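The class of flaw Kettle describes, shown next to a keyed design, as an added example that is not Trustwave's or DBL Technology's code. The transform in `keyless_response` is a constructed stand-in, not the vendor's algorithm, and every name here is hypothetical.

```python
import hashlib
import hmac
import secrets

def keyless_response(challenge: bytes) -> bytes:
    # Constructed stand-in, not DBL's algorithm: a fixed public transform
    # of the challenge, so knowing the code is enough to answer it.
    return hashlib.sha256(b"fixed-transform:" + challenge).digest()

def keyed_response(device_key: bytes, challenge: bytes) -> bytes:
    # HMAC binds the response to a secret that is never sent on the wire.
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

class Verifier:
    """Issues single-use challenges; device_key=None models the keyless design."""

    def __init__(self, device_key=None):
        self.device_key = device_key
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, response: bytes) -> bool:
        challenge, self.pending = self.pending, None  # one attempt per challenge
        if challenge is None:
            return False
        if self.device_key is None:
            expected = keyless_response(challenge)
        else:
            expected = keyed_response(self.device_key, challenge)
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    device_key = secrets.token_bytes(32)  # constructed per-device secret
    keyless, keyed = Verifier(), Verifier(device_key)
    results = {}
    # A party holding only the challenge and the algorithm, no secret:
    results["keyless_no_secret"] = keyless.verify(keyless_response(keyless.new_challenge()))
    results["keyed_no_secret"] = keyed.verify(keyless_response(keyed.new_challenge()))
    # The legitimate key holder, then a replay of that same response:
    good = keyed_response(device_key, keyed.new_challenge())
    results["keyed_with_key"] = keyed.verify(good)
    keyed.new_challenge()
    results["keyed_replay"] = keyed.verify(good)
    return results

if __name__ == "__main__":
    print(run_demo())
```

Making the keyless transform more complicated does not change the first result; only a secret held outside the protocol does.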

Trustwave researchers first spotted the vulnerability in a VoIP GSM Gateway system with eight ports, later discovering that it was also present in GoIP 1, 4, 8, 16, and 32 models. It might actually be found in other DBL Technology devices as well. Perhaps worst of all, when notified of the issue, DBL Technology didn't make much of a move to fix it, reports noted; the biggest change made to the system was that the challenge-response mechanism was made somewhat more complex.

While it's not immediately clear just how big a disaster this could be, for anyone who's purchased DBL Technology VoIP systems recently, it's big enough. The notion that an entire system could be effectively laid bare to any outside intruder with a simple understanding of one challenge-response procedure is disastrous by most any reckoning.

It can only be hoped from here that DBL Technology will actually fix this problem instead of papering over it, but this might well be the kind of problem that keeps users away from DBL Technology, and buying from competitors instead.

Edited by Alicia Young
