Voice over IP (VoIP) promises many benefits, but moving the phone service to an IP network can expose that service to a number of serious threats. This 10 minute podcast looks at just some of these threats.
This entry was posted
on Tuesday, January 27th, 2009 at 12:17 am and is filed under voip.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Most of the attacks in the video use perfectly legal VoIP protocol messages, a standard Firewall (windows or otherwise) does little to block these messages.
Loved the demo. … Loved the demo. I’m actually putting together a presentation about VoIP security issues for a class, but to actually see a few attacks carried out and the ease in which some were done really peaks my curiosity on the issue.
why would it be the … why would it be the last thing a hacker thinks about? Eavesdropping on corporate secret conversations seems well worthy of doing. Remember statistically speaking most hacks are done internally possibly by employees themselves. To say this is the last thing a malicious person shows your ignorance. This video shows a real threat to businesses worldwide since the inception of VOIP.
1. “planting a … 1. “planting a trojan” == sitting on router.
2. “planting a trojan” is a threat itself , if a host compromised and there is a trojan, voip is one of the last things you should think about.
Not all of the … Not all of the threats I demonstrate require capturing sniffer traces, but yes I could make a video based on monitoring email. This is a risk which is exactly why sensitive email needs to be encrypted. The reason for the Video is to highlight the risks of VoIP, I do not claim that there are no solutions.
The umption that … The umption that you need to sit on your own router is wrong. Some of the attacks shown can be launched remotely. Even for those that require traffic monitoring can be done in other ways, for example planting a trojan on the target’s computer. The point of this video is to illustrate just some of the security threats that face VoIP networks, there are others. As for the comment that this is for people who don’t even know how SIP works in modern implementations, this is probably the majority.
Hey I guess we are … Hey I guess we are uming a lot of things here.
Come on, you could also make a video where you capture sniffer traces of all the private emails and transactions from a company.
Going though the internet or a network doesn’t mean that you can sniff all the traffic or inject traffic on it, there are plenty of methods to avoid this happening!
of course if someone doesn’t configure the right security levels I guess is digging his/her own grave :).
Bullshit, you need … Bullshit, you need to sit on router to perfom all those tricks , and if your router compromised , voip is the last thing you should think about.
This video affects those people who doesn’t know how SIP works in modern implementations (Asterisk, SER, Cisco etc). ! they even doesn’t know how switches work..
very informative … very informative and useful video, thanks for sharing and thanks peter for making such a video. (would love to see the rest of it with how to prevent or at least make it more secure hehe free of course)
Voice over IP (VoIP) promises many benefits, but moving the phone service to an IP network can expose that service to a number of serious threats. This 10 minute podcast looks at just some of these threats.
January 27th, 2009 at 12:17 am
Absolutely not!
…
Absolutely not!
Most of the attacks in the video use perfectly legal VoIP protocol messages, a standard Firewall (windows or otherwise) does little to block these messages.
January 27th, 2009 at 12:17 am
Loved the demo. …
Loved the demo. I’m actually putting together a presentation about VoIP security issues for a class, but to actually see a few attacks carried out and the ease in which some were done really peaks my curiosity on the issue.
January 27th, 2009 at 12:17 am
why would it be the …
why would it be the last thing a hacker thinks about? Eavesdropping on corporate secret conversations seems well worthy of doing. Remember statistically speaking most hacks are done internally possibly by employees themselves. To say this is the last thing a malicious person shows your ignorance. This video shows a real threat to businesses worldwide since the inception of VOIP.
January 27th, 2009 at 12:17 am
1. “planting a …
1. “planting a trojan” == sitting on router.
2. “planting a trojan” is a threat itself , if a host compromised and there is a trojan, voip is one of the last things you should think about.
January 27th, 2009 at 12:17 am
Not all of the …
Not all of the threats I demonstrate require capturing sniffer traces, but yes I could make a video based on monitoring email. This is a risk which is exactly why sensitive email needs to be encrypted. The reason for the Video is to highlight the risks of VoIP, I do not claim that there are no solutions.
January 27th, 2009 at 12:17 am
The umption that …
The umption that you need to sit on your own router is wrong. Some of the attacks shown can be launched remotely. Even for those that require traffic monitoring can be done in other ways, for example planting a trojan on the target’s computer. The point of this video is to illustrate just some of the security threats that face VoIP networks, there are others. As for the comment that this is for people who don’t even know how SIP works in modern implementations, this is probably the majority.
January 27th, 2009 at 12:17 am
Very useful …
Very useful information. Thank you for sharing this with people. Look forward to having tools to protect VOIP traffic.
January 27th, 2009 at 12:17 am
Hey I guess we are …
Hey I guess we are uming a lot of things here.
Come on, you could also make a video where you capture sniffer traces of all the private emails and transactions from a company.
Going though the internet or a network doesn’t mean that you can sniff all the traffic or inject traffic on it, there are plenty of methods to avoid this happening!
of course if someone doesn’t configure the right security levels I guess is digging his/her own grave :).
January 27th, 2009 at 12:17 am
Bullshit, you need …
Bullshit, you need to sit on router to perfom all those tricks , and if your router compromised , voip is the last thing you should think about.
This video affects those people who doesn’t know how SIP works in modern implementations (Asterisk, SER, Cisco etc). ! they even doesn’t know how switches work..
January 27th, 2009 at 12:17 am
The demos shown in …
The demos shown in the video use my own sip testing tools. These are not publicly available
January 27th, 2009 at 12:17 am
Please tell me what …
Please tell me what does he use for these commands and what are the commands!
January 27th, 2009 at 12:17 am
which tool is it to …
which tool is it to generate sip messages under windows ?
January 27th, 2009 at 12:17 am
i agree
i agree
January 27th, 2009 at 12:17 am
very informative …
very informative and useful video, thanks for sharing and thanks peter for making such a video. (would love to see the rest of it with how to prevent or at least make it more secure hehe free of course)