VoIPshield Laboratories is the research division of VoIPshield Systems Inc. We specialize in zero-day vulnerability research on VoIP network components. We use a disciplined, systematic approach to our research, typically yielding vulnerabilities in multiple layers of the device stack. Our research results are compiled in the company's vulnerabilities & signatures database. This database forms the IP component of all of VoIPshield's security products, and is the company's "secret sauce". It contains previously-undiscovered vulnerabilities and exploits associated with:
What we do:
- identify 0-day vulnerabilities in VoIP signaling stack implementations (SIP, Skinny, UNIStim, H.323)
- identify 0-day vulnerabilities in VoIP media stack implementations (RTP, RTCP, SRTP)
- identify 0-day vulnerabilities in VoIP supporting protocol stack implementations (STUN, MGCP, ENUM, FTP, etc.)
- identify security weaknesses in VoIP signaling protocol implementations
- identify 0-day vulnerabilities and security weaknesses hidden in vendors' proprietary VoIP supporting protocols (DRF, CLI, synchronization, monitoring, etc.)
- identify vulnerabilities and problems in the VoIP Administrative Layer
- identify configuration-related problems in the Foundation layer
What we've done
- Built the world's largest database of VoIP vulnerabilities
- Discovered the world's first VoIP vulnerability with a CVSS score of 10 out of 10
- System-level denial-of-service (DoS) attack accomplished with one media stream packet
- Multiple VoIP signaling SQL injections
How we do it
- Studying packet flows and protocol specifications
- Analyzing protocol implementations
- Fuzzing, concurrency and stress testing
- Testing, testing and more testing
- Using a mix of well-known and proprietary tools and techniques
Why we do it:
- Because we're the best in the world at it
- Because we know VoIP systems inside and out
- Because we like to break things