VoIP Security Videos on Youtube
Here are a couple of videos from the folks at VoIPShield illustrating some VoIP attacks. The first one shows a hacker walking into a office area (they say it is a bank) and after they distract the receptionist, they disconnect the lobby area VoIP phone and plug in their laptop and presumably launch a DoS attack that takes down the phone system. The entire attack only takes a few seconds, which is theoretically possible, but would normally take longer, because you would probably have to collect and spoof the IP address and possibly MAC address. Also, I am aware of a number of flood-based DoS attacks that will affect a VoIP system. This video implies that there are also some "single-packet-of-death" vulnerabilities out there, which is certainly possible. VoIPShield sells products that provide some countermeasures to these attacks, although arguably the best countermeasure is to use 802.1x (assuming the VoIP phone supports it) or at least port security. This is especially important for semi-public VoIP phones. Or you could put a good-old-fashioned analog phone in these areas.
http://www.youtube.com/watch?v=x56j2BRkUME
Here is another video about a hacker in a hotel, who seems to be using a Man-In-The-Middle attack to gain access to calls, which they in turn record. The target again seems to be a bank. I am not sure why they are showing this attack originate in a hotel, unless they are trying to record calls within the hotel, which is possible, but if were a hotel manager, I would never put pricey VoIP phones in the rooms.
http://www.youtube.com/watch?v=S-3CW-epFBM
The final video shows a hacker who is apparently blocked - he gets a big "access denied" message all over his screen. I assume the idea here is that the target is using VoIPShields security products.
Comments