Objective
Understand how unsecured VoIP traffic can be intercepted and analyzed by capturing and reconstructing audio from RTP packets. Learn how Secure RTP (SRTP) mitigates these risks.
Scenario
As a penetration tester, you are tasked with assessing the security of your organization’s VoIP system. Unsecured VoIP communications can be vulnerable to eavesdropping, exposing sensitive information. In this exercise, you’ll set up a VoIP system, capture Real-time Transport Protocol (RTP) packets during a call, reconstruct audio, and explore how SRTP secures VoIP traffic.
⚠️ Important: Perform this exercise only in a legal and controlled lab environment. Unauthorized interception of VoIP traffic is illegal and unethical.
Lab Instructions
Step 1: Set Up the VoIP Environment
- VoIP Server: Install Asterisk on a Linux machine.
- VoIP Clients: Install Zoiper or any SIP softphone on two separate devices.
a. Install Asterisk VoIP Server
sudo apt update
sudo apt install asterisk -y
b. Configure Asterisk for VoIP Calls
Edit the SIP configuration file (this lab uses the legacy chan_sip driver and its sip.conf; chan_sip is deprecated from Asterisk 17 and removed in Asterisk 21, where chan_pjsip and pjsip.conf take its place):
sudo nano /etc/asterisk/sip.conf
Add two SIP users:
[general]
context=default
allowguest=no
[client1]
type=friend
secret=pass1
host=dynamic
context=default
[client2]
type=friend
secret=pass2
host=dynamic
context=default
Edit the dial plan:
sudo nano /etc/asterisk/extensions.conf
Add the following dial rules:
[default]
exten => 1001,1,Dial(SIP/client1)
exten => 1002,1,Dial(SIP/client2)
Restart Asterisk:
sudo systemctl restart asterisk
c. Configure Zoiper Clients
- Install Zoiper on two devices.
- Configure SIP accounts:
- Client 1: Username: client1, Password: pass1, Server: <Asterisk Server IP>
- Client 2: Username: client2, Password: pass2, Server: <Asterisk Server IP>
Step 2: Capture VoIP Traffic with Wireshark
Start Wireshark on the same network.
Apply this display filter to show SIP signalling on UDP 5060 and RTP media in Asterisk's default RTP port range (10000-20000, set in rtp.conf); the parentheses make the operator precedence explicit:
udp.port == 5060 || (udp.port >= 10000 && udp.port <= 20000)
Initiate a call between Client 1 and Client 2.
Capture RTP packets during the call.
Step 3: Analyze Captured RTP Traffic
Stop the capture after the call.
In Wireshark, go to Telephony > VoIP Calls.
Select the call and click Player > Decode.
Alternatively, replay the stream with rtpplay, which is part of rtptools (sox is a separate audio tool, useful for converting or playing the raw payload Wireshark saves; it does not provide rtpplay). rtpplay reads the rtpdump format rather than a pcap, so first export the stream from Telephony > RTP > RTP Streams as rtpdump, then replay it towards a host and port where a player is listening:
sudo apt install sox
rtpplay -T -f rtp_dump_file.cap <listener IP>/<port>
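The reconstruction that Wireshark's RTP player performs in this step, written out as an added Python example (it is not part of the original exercise and is not Asterisk, Wireshark or rtptools code). It parses the RTP fixed header of each UDP payload, groups packets by SSRC, reorders them by sequence number, fills sequence gaps with silence, decodes the G.711 mu-law payload (payload type 0, the codec commonly negotiated in this setup) and writes a WAV file. The packets, the SSRC value, the 440 Hz tone and the lost packet are all constructed inline so the script runs without a capture file; feeding it the UDP payloads from a real capture is the only change needed. It exists to show how little an on-path observer needs once RTP is sent in the clear.

```python
"""Reassemble a cleartext G.711 mu-law (PCMU, payload type 0) RTP stream to WAV.

Added example, not the page's tooling: does by hand what Wireshark's RTP player
does, using constructed in-memory packets instead of a capture file.
"""
import math
import struct
import wave

RTP_FIXED_HEADER = 12      # bytes, RFC 3550 section 5.1
SAMPLES_PER_PACKET = 160   # 20 ms of 8 kHz audio, the usual PCMU packetisation
ULAW_BIAS, ULAW_CLIP = 0x84, 32635


def parse_rtp(datagram):
    """Return RTP header fields and payload, or None if this is not RTP version 2."""
    if len(datagram) < RTP_FIXED_HEADER:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:RTP_FIXED_HEADER])
    if b0 >> 6 != 2:
        return None
    offset = RTP_FIXED_HEADER + 4 * (b0 & 0x0F)        # skip the CSRC list
    if b0 & 0x10:                                       # header extension present
        if len(datagram) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
    payload = datagram[offset:]
    if b0 & 0x20 and payload:                           # padding: last byte is pad length
        payload = payload[:-payload[-1]]
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc, "payload": payload}


def ulaw_to_linear(byte):
    """G.711 mu-law byte -> 16-bit linear PCM sample."""
    u = ~byte & 0xFF
    exponent, mantissa = (u >> 4) & 0x07, u & 0x0F
    sample = (((mantissa << 3) + ULAW_BIAS) << exponent) - ULAW_BIAS
    return -sample if u & 0x80 else sample


def linear_to_ulaw(sample):
    """16-bit linear PCM sample -> G.711 mu-law byte (used here only to build test audio)."""
    sign = 0x80 if sample < 0 else 0
    sample = min(abs(sample), ULAW_CLIP) + ULAW_BIAS
    exponent = 7
    while exponent > 0 and not sample & (0x80 << exponent):
        exponent -= 1
    return ~(sign | (exponent << 4) | ((sample >> (exponent + 3)) & 0x0F)) & 0xFF


def reassemble(datagrams, payload_type=0):
    """Group PCMU packets by SSRC, reorder by sequence number, decode to PCM.
    Lost packets (sequence gaps) become silence so the timeline is preserved."""
    streams = {}
    for datagram in datagrams:
        pkt = parse_rtp(datagram)
        if pkt and pkt["pt"] == payload_type:
            streams.setdefault(pkt["ssrc"], []).append(pkt)
    decoded = {}
    for ssrc, pkts in streams.items():
        # Sort within a 16-bit window centred on the first packet seen, so a
        # sequence-number wrap (65535 -> 0) does not scramble the order.
        first = pkts[0]["seq"]
        pkts.sort(key=lambda p: (p["seq"] - first + 0x8000) & 0xFFFF)
        samples, prev_seq = [], None
        for p in pkts:
            if prev_seq is not None and (p["seq"] - prev_seq) & 0xFFFF > 1:
                samples.extend([0] * SAMPLES_PER_PACKET * (((p["seq"] - prev_seq) & 0xFFFF) - 1))
            samples.extend(ulaw_to_linear(b) for b in p["payload"])
            prev_seq = p["seq"]
        decoded[ssrc] = samples
    return decoded


def write_wav(path, samples, rate=8000):
    """Write 16-bit mono PCM as a WAV file any audio player can open."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))


def build_packet(seq, ts, ssrc, payload, pt=0):
    """Constructed RTP v2 packet: no CSRC, no extension, no padding."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def constructed_capture(ssrc=0x1234ABCD):
    """Constructed stand-in for a capture: a 440 Hz tone as four 20 ms PCMU packets,
    seq 10-13, with seq 12 lost, the last two out of order, plus one SIP datagram."""
    ulaw = bytes(linear_to_ulaw(int(8000 * math.sin(2 * math.pi * 440 * i / 8000)))
                 for i in range(4 * SAMPLES_PER_PACKET))
    frames = [ulaw[i * SAMPLES_PER_PACKET:(i + 1) * SAMPLES_PER_PACKET] for i in range(4)]
    return [build_packet(10, 0, ssrc, frames[0]),
            build_packet(13, 480, ssrc, frames[3]),
            build_packet(11, 160, ssrc, frames[1]),
            b"INVITE sip:1002@192.0.2.1 SIP/2.0\r\n"]   # not RTP, must be skipped


if __name__ == "__main__":
    for ssrc, pcm in reassemble(constructed_capture()).items():
        write_wav("rtp_%08x.wav" % ssrc, pcm)
        print("SSRC 0x%08x: %d samples, %.2f s" % (ssrc, len(pcm), len(pcm) / 8000))
```

Run it as a script and it writes one WAV per SSRC; the silence inserted for the lost packet is what keeps the two directions of a real call aligned in time. Nothing here touches the network, which is the point: once RTP/AVP packets are on disk, the audio is a few dozen lines of standard-library code away.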
Step 4: Mitigation with Secure RTP (SRTP)
SRTP (RFC 3711) encrypts and authenticates the RTP payload, so a captured stream no longer yields audio. With the SDES key exchange that Asterisk's chan_sip uses for encryption=yes, the SRTP master key is carried in the a=crypto line of the SDP inside the SIP INVITE; if the SIP signalling itself is unencrypted, that key is visible in the same capture. For real protection pair SRTP with SIP over TLS (transport=tls on each peer, and tlsenable=yes with a certificate in [general]).
a. Enable SRTP in Asterisk
Edit sip.conf and add encryption=yes to each peer, keeping the existing lines:
[client1]
type=friend
secret=pass1
host=dynamic
encryption=yes
[client2]
type=friend
secret=pass2
host=dynamic
encryption=yes
Restart Asterisk:
sudo systemctl restart asterisk
b. Enable SRTP on Zoiper Clients
- Go to Account Settings > Advanced.
- Enable SRTP for both clients.
Step 5: Verify Encryption
Start a new call.
Capture traffic in Wireshark.
Apply the filter:
udp.port >= 10000 && udp.port <= 20000
Attempt to decode audio. Wireshark should not be able to reconstruct encrypted audio: the RTP header is still readable (SRTP leaves it in the clear), but the payload decodes to noise rather than speech. Also inspect the SIP INVITE: its SDP media line should now read RTP/SAVP instead of RTP/AVP, and if SIP is not running over TLS you will see the a=crypto line carrying the SRTP key in the clear, which is why Step 4 should be combined with transport=tls.
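An added Python check for this verification step and for the "Testing & Verification" section below (example code, not from the page and not Asterisk or Wireshark code). It parses SIP INVITEs and their SDP and reports three conditions: media offered as RTP/AVP (no SRTP, the Step 2 state), an RTP/SAVP offer whose a=crypto master key was captured over unencrypted UDP or TCP signalling (SRTP is on but the key is exposed), and an RTP/SAVP offer with no key material at all. The INVITE messages, the Call-IDs, the 192.0.2.x addresses and the all-A base64 key are constructed placeholders; on a real capture you would feed it the text of each SIP datagram instead.

```python
"""Audit captured SIP INVITEs for cleartext media and SRTP keys leaked in SDP.

Added example, not the page's own tooling; runs over constructed INVITEs.
"""

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}


def parse_sip(raw):
    """Split a SIP message into (start line, {header: [values]}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def signalling_transport(headers):
    """Transport named in the top Via header, e.g. 'UDP', 'TCP' or 'TLS'."""
    via = headers.get("via", [""])[0]      # "SIP/2.0/UDP 192.0.2.10:5060;branch=..."
    return via.split()[0].split("/")[-1].upper() if via else "UNKNOWN"


def audit_invite(raw):
    """Return [(call-id, finding, detail)] for one INVITE; [] if nothing is wrong."""
    start_line, headers, sdp = parse_sip(raw)
    if not start_line.startswith("INVITE "):
        return []
    call_id = headers.get("call-id", ["<no Call-ID>"])[0]
    transport = signalling_transport(headers)
    sdp_lines = sdp.splitlines()
    has_sdes_key = any(l.startswith("a=crypto:") for l in sdp_lines)   # RFC 4568 SDES
    has_dtls_fp = any(l.startswith("a=fingerprint:") for l in sdp_lines)  # DTLS-SRTP
    findings = []
    for line in sdp_lines:
        if not line.startswith("m=audio"):
            continue
        _, port, profile = line.split()[:3]
        if port == "0":
            continue                        # stream rejected, no media flows
        if profile not in SECURE_PROFILES:
            findings.append((call_id, "CLEARTEXT_RTP",
                             "audio on UDP/%s offered as %s; SRTP not negotiated" % (port, profile)))
        elif has_sdes_key and transport != "TLS":
            findings.append((call_id, "SDES_KEY_IN_CLEAR",
                             "SRTP offered but a=crypto master key travels over %s; use SIP over TLS" % transport))
        elif not has_sdes_key and not has_dtls_fp:
            findings.append((call_id, "NO_KEY_MATERIAL",
                             "%s offered without a=crypto or a=fingerprint" % profile))
    return findings


def audit_capture(messages):
    """Run the audit over every SIP message of a capture and collect all findings."""
    findings = []
    for message in messages:
        findings.extend(audit_invite(message))
    return findings


def constructed_invite(profile, transport, call_id, crypto=False):
    """Constructed INVITE for the lab's 1001 -> 1002 call; the key is a dummy placeholder."""
    sdp = ("v=0\r\n"
           "o=- 1 1 IN IP4 192.0.2.10\r\n"
           "s=-\r\n"
           "c=IN IP4 192.0.2.10\r\n"
           "t=0 0\r\n"
           "m=audio 10002 %s 0 8\r\n" % profile)
    if crypto:
        sdp += "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n"
    return ("INVITE sip:1002@192.0.2.1 SIP/2.0\r\n"
            "Via: SIP/2.0/%s 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
            "From: <sip:client1@192.0.2.1>;tag=1\r\n"
            "To: <sip:1002@192.0.2.1>\r\n"
            "Call-ID: %s\r\n"
            "Content-Type: application/sdp\r\n"
            "Content-Length: %d\r\n\r\n" % (transport, call_id, len(sdp))) + sdp


# Three constructed calls: Step 2 state, Step 4 with encryption=yes only, and SRTP plus SIP/TLS.
CONSTRUCTED_CAPTURE = [
    constructed_invite("RTP/AVP", "UDP", "call-a@lab"),
    constructed_invite("RTP/SAVP", "UDP", "call-b@lab", crypto=True),
    constructed_invite("RTP/SAVP", "TLS", "call-c@lab", crypto=True),
]

if __name__ == "__main__":
    for call_id, finding, detail in audit_capture(CONSTRUCTED_CAPTURE):
        print("%-12s %-18s %s" % (call_id, finding, detail))
```

Only the first two constructed calls produce findings: the third negotiates SRTP over TLS-protected signalling, so neither the audio nor the key is recoverable from a capture, which is the end state Step 4 and Step 5 are meant to reach.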
Solution & Explanation
How VoIP Eavesdropping Works
- RTP Packets: Carry unencrypted audio between VoIP clients.
- SIP Protocol: Handles call setup but does not secure the audio stream.
- RTP Capture: Allows attackers to reconstruct audio conversations.
Impact
- Data Breach: Sensitive calls can be intercepted.
- Confidentiality Loss: Unsecured calls expose private information.
Mitigation with SRTP
- Encryption: SRTP encrypts RTP streams, preventing unauthorized access.
- Integrity: Protects against tampering.
- Replay Protection: Defends against packet replay attacks.
Testing & Verification
- Verify that RTP packets are captured during unsecured calls.
- Confirm that SRTP prevents audio reconstruction.
Security Best Practices
- Enable SRTP: Encrypts voice traffic.
- Use Strong Authentication: Secures SIP accounts with strong passwords.
- Deploy VPNs: Encrypts entire VoIP communication channels.
- Regular Updates: Keep VoIP software and firmware updated.
Additional Script (Optional)
Automate SRTP configuration for Asterisk. Save the following as enable_srtp.sh; it backs up sip.conf, adds encryption=yes under each peer only if the line is not already there (so it is safe to re-run), and needs no inner sudo because it is run as root below:
#!/bin/bash
# Enable SRTP in Asterisk: add encryption=yes under each peer section, only if missing
CONF=/etc/asterisk/sip.conf
cp "$CONF" "$CONF.bak"   # keep a copy of the original configuration
for peer in client1 client2; do
    if ! sed -n "/^\[$peer\]/,/^\[/p" "$CONF" | grep -q '^encryption=yes'; then
        sed -i "/^\[$peer\]/a encryption=yes" "$CONF"
    fi
done
systemctl restart asterisk
Run the script:
chmod +x enable_srtp.sh
sudo ./enable_srtp.sh
Conclusion
In this exercise, you simulated a VoIP eavesdropping attack by capturing and reconstructing RTP traffic. You then implemented SRTP to secure VoIP communication, preventing unauthorized access. This highlights the importance of encrypting voice traffic to protect sensitive conversations.