A flaw that makes it possible to hijack VoIP calls over BT’s DSL Home gateway has caused quite an uproar, despite BT announcing that the flaw was brought to light last year and was resolved in subsequent firmware updates.
An excerpt from Washington Post:
Those at risk are subscribers using BT Home Hub firmware version 6.2.6.B with BT’s Broadband TalkVoice over IP (VoIP)service, Pastor said.
A video of the VoIP exploit is available on YouTube.
Here are some details on the flaw as mentioned on the blog of the GNUCitizen Blog:
In summary, if the victim visits our evil proof-of-concept Web page, his/her browser sends a HTTP request to the BT Home Hub’s Web interface. After this, the Home Hub starts a VoIP/telephone connection to the recipient’s phone number specified in the exploit page. This is what the attack looks like: the victim’s VoIP telephone starts ringing and shows an external call message on the LCD screen along with the recipient’s phone number. However, what’s interesting is that from the point of view of the victim, it looks like he/she is receiving a phone call from the number shown on the screen, but in fact he/she is calling that number!
BT denied that the flaw is new, and it said that no customers had reported being affected. However, BT will make automatic updates available on its Home Hub.
As VoIP goes mainstream, so will its exploits.