IP Video conference can be easily hacked using a freeware tool that allows attackers to monitor calls in real-time and record Video files.
The original exploit was first demonstrated more than a year ago, but sadly, most corporate networks are still vulnerable to it, says Jason Ostrom, director of VIPER Lab at VoIP vendor Sipera, where he performs penetration tests on clients’ business VoIP networks.
He says he sees only 5% of these networks are properly configured to block this attack, which can yield audio and video files of entire conversations. “I almost never see encryption turned on,” he says.
Only about one in 20 organizations secures its IP video with encryption or other measures, according to Sipera’s research, so IP video is ripe for attack. Ostrom and fellow researcher Arjun Sambamoorthy used a pair of homegrown open-source tools to perform the hacks at Defcon, which performs video eavesdropping, and VideoJak, which intercepts and replays video.
However, the attacker needs physical access to the IP network to execute these hacks, the researchers say, as well as access to a VLAN port on which the video application resides.
Ostrom demonstrated the attack at the Forrester Security Forum in Boston last week using a Cisco switch, two Polycom videophone and a laptop armed with a hacking tool called UCSniff that he pulled together from open source tools.
How VoIP, IP video hack works
Hacker needs to get access to a VoIP phone jack to which he plugs a laptop with the hacking tool- UCSniff. Using address-resolution protocol (ARP) spoofing, the device gathers the corporate VoIP directory, giving the hacker the ability to keep an eye on any phone and to intercept its calls. There’s a tool within UCSniff called ACE that simplifies capturing the corporate directory.
Once intercepted, the audio and video from the targeted call flow through the laptop, where it can be viewed as it streams by and also where it is recorded in separate files, one for each end of the conversation, Ostrom says.
They used UCSniff to record a ‘safe’ video stream, then converted it to an AVI file. Then we used the VideoJak tool that also supports man-in-the-middle,” he says. VideoJak intercepts the video stream, and replaces it with a malicious or phony video payload.
So, for instance, a bad guy could replace a surveillance feed of his breaking into the CEO’s office with a routine clip trained on the office door, with no sign of the break-in.
How to Prevent VoIP, Video Conference Hacking?
The strongest answer — apply Encryption for both signaling and media. The problem isn’t with the networking or VoIP and video gear itself, but rather with how they are configured in the network.
The scary thing is, 70% of the networks tested by pen-testers are vulnerable to toll fraud attacks that use the corporate network as a proxy for make long distance calls.