Freak Security Problems

Christian Stredicke
CEO of Vodia Networks

Here we go again: Freak. I hope I understood this problem correctly.
This time the situation seems to be slightly different. This is not so much about buggy software that can be exploited by hackers working for the government of for themselves, like we had this in heartbleed before. This time it is about keys that were deliberately chosen weak, for export outside of the Unites States. A relic from the 90s when 512 bit was still a lot for RSA.
On your PBX it is up to you how many bits you use for your certificate (if you should choose to upload you own certificate at all). 1024 bits are already so much more secure than 512 bits, and 2048 which is considered standard today is pretty secure, depending on how you actually generated the prime numbers for the key.
I believe most of the PBX users are using the built-in certificate, which is, honestly, not a very secure way of encrypting your traffic because all PBX are using the same key and, well, we at Vodia have the private key (you have to trust your software vendor a lot, not only with the PBX software). So if you want to have a well-protected system, you’ll have to generate a key with at least 1024 bits. Because most IP phones don’t check the certificate against a list of know Root CA for practical reasons, you actually don’t have to purchase that certificate, you can just generate this on your own and already increase your systems security a lot. Of course the gold standard is the certificate that has been signed by a public CA authority.
But the problem with freak not so much with what certificate you load into the PBX, it is more on what the PBX trusts. In theory, the SIP could use a SIP trunk with TLS that has a 512 bit key, which could be exposed to a man-in-the-middle attack. Then that traffic could be intercepted. Or you are pushing the CDR to a server that is using only 512 bit keys. However I believe that practically anything that has been set up in the last years is using at least 1024 bits. And speaking from a practical point of view, TLS and SRTP for SIP trunking is still extremely rare.
What the PBX could do in theory is reject keys that have let’s say less than 1024 bits. Maybe this is something we consider for one of the next builds. At least we can have a setting that defines how many bits a certificate must have at least before the PBX can accept it.
My overall impression about freak is that this has a low impact on the PBX security. This is really more a topic about public web servers that have some old keys still running from times when the key length had to be short for legal reasons.
If you are using weak certificates and want to feel more secure, upload a better certificate. You don't even have to restart the service for this.