Mobifun’s Weblog

Do Fun with your Mobile….

VoIP Vandals

Internet telephone services like Skype and Vonage are starting to look less like digital gimmicks and more like the next generation of voice communication. They’re cheaper than traditional phone services and increasingly fast and reliable. But they may also be far more hackable.

In a series of presentations at the Black Hat conference in Las Vegas, security professionals demonstrated ways in which cybercriminals can eavesdrop on VoIP calls, steal data from Internet telephony devices, intercept credit card numbers from VoIP connections and shut connections down altogether.

Peter Thermos, chief technology officer of Palindrome Technologies, proved the point onstage: He played snippets of conversations recorded by snooping on VoIP calls, exploiting a vulnerability in a common element of VoIP communications known as Media Gateway Control Protocol (MGCP).

“Using this weakness in MGCP, you can do anything like reroute or tear down connections,” he said. “But eavesdropping is especially scary.”

Thermos also described an exploitable hole in ZRTP, one species of the VoIP language real-time transfer protocol: ZRTP encrypts all transmitted sounds, but not the numbers translated from tones. That means hackers can listen for credit card information communicated from touchtone phones.

Though the attacks on display were new, VoIP isn’t: Internet telephony has existed since the early ’90s. But Dempster says its increasing adoption hasn’t led to the patching of old bugs. In his presentation, he described how Asterisk, an open-source VoIP application, can be attacked using what he said was an “extremely basic” method known as a buffer overflow. “We point these problems out,” he said, “but the lessons aren’t being taken.”

New mobile devices are also drawing attention to VoIP problems. Krishna Kurapati, founder and chief technology officer of Sipera Systems, demonstrated vulnerabilities of several Wi-Fi devices at Wednesday’s presentations, crashing a BlackBerry and a D-Link phone onstage by hacking their wireless Internet connections. He also simulated the theft of private data via VoIP from a laptop.

August 3, 2007 | VoIP