Security researchers from Rapid7 have found a large number of insecure UDP Internet services in Germany, which are used for VoIP. The researchers found nearly six million exposed SIP services on port 5060 / UPD, more than any other country in the world.
The Session Initiation Protocol (SIP) is used to establish a communication session in Internet telephony and is particularly difficult to secure. Only encrypted SIP (SIP-TLS on port 5061 / TCP) provides adequate protection against active and passive eavesdropping and toll fraud, but plain text SIP is still widely used in Germany. This is demonstrated by Rapid7’s new National Exposure Index, an annual ranking that examines the extent to which countries around the world are at risk of active cyber attacks.
For the study, Rapid7s security researchers scoured the entire Internet for TCP / IP services that, for example, are not secured with modern encryption methods or offer other critical points of attack. For the first time, the current report also looks at the “amplification potential” this year, that is, how unreasonably exposed UDP services can be used in enhanced distributed denial-of-service attacks (DDoS-A).
The United States ranks as the most exposed country in the National Exposure Index 2018 for all kind of attacks (not only SIP services), followed by China, Canada, South Korea and the United Kingdom. Germany ranks ninth with around 13 million servers that responded to Rapid7’s scan.