Thursday, August 30, 2007

A VoIP Security attack Demo


VoIP security that is in everyones mind, at least those who are involved with VoIP IP Telephony, have a one more new source for looking up VoIP Security and related information. Sipera Systems that I wrote about in the "VoIP Security at the BlackHat 2007" has launched a new blog, Sipera VIPER Lab Blog.

I was at the VoiceCon San Francisco 2007 and had the chance of seeing the demonstration of the VoIP-to-data attack presentation. This demo was also done at the BlackHat 2007. The demo Sachin Joglekar, Vulnerability Research Lead, shows how by sending a specific SIP packet, he can crash the SIP softphone and have it execute a server code to which he can connect via netcat. This process leads to a terminal (or Command Prompt) on the Windows system and he was in control of the target system. I guess at this point there is no need to explain further.
I think it is good to see the demo podcast presented by Dan York of the “Blue Box: The VoIP Security Podcast”.
So follow the links and enjoy the Blog and the podcast!


0 comments:

Blog Widget by LinkWithin