Seguridad de la Telefonía IP en Ecuador: Análisis en Internet

José Estrada; Mayra Calva; Ana Rodríguez; Christian Tipantuña

doi:10.29019/enfoqueute.v7n2.93

Authors

José Estrada Escuela Politécnica Nacional
Mayra Calva Escuela Politécnica Nacional
Ana Rodríguez Escuela Politécnica Nacional
Christian Tipantuña Escuela Politécnica Nacional

DOI:

https://doi.org/10.29019/enfoqueute.v7n2.93

Keywords:

IP telephony, security, Ecuador, Asterisk, vulnerabilities, threats

Abstract

Telephony is a global service and thus telephone networks have been a coveted target for criminals. Now that voice can be transported over IP and that multiple services are integrated in a convergent model through Internet, there are more incentives to attack and more attackers. Moreover, the development of open source telephone applications has encouraged the massive use of IP telephony, but not an increased awareness about embedded security risks. Due to the current and intensive adoption of IP telephony systems in Ecuador, we conducted an exploration based on public information to obtain statistics about telephone systems connected to Internet in Ecuador. Additionally, using a deliberately vulnerable IP telephony system, we collected more data to do a preliminary analysis of threats to such systems. We found that hundreds of telephone systems were publicly available on the Internet and using outdated versions of Asterisk-based applications. We also found thousands of malicious interactions on the IP telephony system we deployed on the Internet.

Metrics

Downloads

Download data is not yet available.

References

Allen, L. (2012). Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Packt Publishing Ltd.
Androulidakis, I. I. (2016). VoIP and PBX Security and Forensics: A Practical Approach.
Bryant, R., Madsen, L., & Van Meggelen, J. (2013). Asterisk: The definitive guide. " O'Reilly Media, Inc.".
Corporación Nacional de Telecomunicaciones. (2016). Troncal Telefónica IP - Telefonía | Corporación Nacional de Telecomunicaciones. [en línea] Disponible en: https://www.cnt.gob.ec/telefonia/plan-corporativo/troncal-telefonica-ip-2/ [Visitado 12 Ene. 2016].
Dassouki, K., Safa, H., & Hijazi, A. (2014, March). End to End Mechanism to Protect Sip from Signaling Attacks. In New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on (pp. 1-5). IEEE.
El Comercio. (2015). Las llamadas por WhatsApp no pueden ser restringidas en Ecuador, según el Gobierno. [en línea] Disponible en: http://www.elcomercio.com/actualidad/llamadas-whatsapp-restringidas-ecuador-gobierno.html [Visitado 12 Ene. 2016].
El Universo. (2016). Skype reporta que algunos usuarios tienen problemas para realizar llamadas. [en línea] Disponible en: http://www.eluniverso.com/vida-estilo/2015/09/21/nota/5140421/skype-reporta-que-algunos-usuarios-tienen-problemas-realizar [Visitado 12 Ene. 2016].
EnableSecurity. (2012). SIPVicious. [en línea] Disponible en: http://blog.sipvicious.org/ [Visitado 1 Ene. 2016].
Exploit Database. (2010, Septiembre 24). FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution. Disponible en: https://www.exploit-db.com/exploits/15098/ [Visitado 31 Ene. 2016].
Exploit Database. (2014, Marzo 12). FreePBX 2.11.0 - Remote Command Execution. Disponible en: https://www.exploit-db.com/exploits/32214/ [Visitado 30 Ene. 2016].
Exploit Database. (2015, Marzo 7). Elastix 2.x - Blind SQL Injection Vulnerability [en línea] Disponible en: https://www.exploit-db.com/exploits/36305/ [Visitado 1 Ene. 2016].
Instituto Nacional de Compras Públicas. (2016). Ingreso al Sistema - Compras Públicas. [en línea] Disponible en: https://www.compraspublicas.gob.ec/ProcesoContratacion/compras/ [Visitado 1 Ene. 2016].
Ip2location. (2016). Block Visitors by Country | IP2Location.com. [en línea] Disponible en: http://www.ip2location.com/blockvisitorsbycountry.aspx [Visitado 1 Ene. 2016].
Puente, G. B. (2015). Elastix Unified Communications Server Cookbook. Packt Publishing Ltd.
Sangoma. (2014). FreePBX. [en línea] Disponible en: https://www.freepbx.org/ [Visitado 1 Ene. 2016].
Terán, F. (2012). Nuevas fallas de seguridad Zero Day descubiertas en Asterisk 1.6.2, 1.8 y Asterisk 10. [en línea] Sinologic :: Tu web favorita sobre VoIP. Disponible en: https://www.sinologic.net/blog/2012-04/nuevas-fallas-de-seguridad-zero-day-descubiertas-en-asterisk-1-6-2-1-8-y-asterisk-10.html [Visitado 1 Ene. 2016].

JCR(JCI)	Q4(0.13)
REDIB Journals Ranking	Q2(16.594)
Google Scholar Citations	3405
Google Scholar h-index	25
Google Scholar i10-index	103
OAJI Impact Factor	0.351
MIAR ICDS	7.5
Index Copernicus Value	94.81
Dimensions	351(0.93)

	2022	2021
Submissions Received	92	65
Submissions Accepted	29	22
Submissions Declined	53	41
Submissions Published	24	24
Days to Accept (x̄)	104	131
Days to Reject (x̄)	35	34
Acceptance Rate	24%	35%
Rejection Rate	76%	65%

Security of IP Telephony in Ecuador: Online Analysis

Authors

DOI:

Keywords:

Abstract

Metrics

Downloads

References

Published

How to Cite

Issue

Section

Make a Submission