Researchers offer tools for eavesdropping and video hijacking

LAS VEGAS--Showing off technology that James Bond would love, two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.

The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker's computer, he said.

This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.

Ostrom and Arjun Sambamoorthy, a research engineer at Viper Lab, also have developed another free tool called VideoJak that can be used to intercept video streams.

Thieves planning to steal from a museum, for example, could use the tool to change live surveillance video being watched by a museum security guard so that it replayed previous video of the art, giving thieves time to steal art without detection.

Attackers can replay video from the same stream or inject other video, like pornography, the researchers said.

Companies can use encryption on the network server to protect against these attacks, but encryption is not enabled by default, Ostrom said.

"These assessment tools can show you the impact of the vulnerability to your network," he said.

John Draper, aka "Capt. Crunch," said he is interested in using the UCSniff tool to test the systems at start-up En2Go where he is chief technology officer. En2Go is signing up with companies to deliver high-definition media, including movies and corporate videos, to desktops.

"I want to ensure customers and clients that someone can't steal movies off Flyxo," En2Go's system, he said.

Intercepting streaming video isn't new, but UCSniff "makes it easier; it makes it plug and play," Draper said.

[bsharkey]

the funny thing about the second one named, I recently saw it in a heist-type movie (it was The Code, I think?) so for once, a Hollywood movie actually reflects a real type of technology rather than just make believe.

[gellersamantha]

how legal it is to use them for private use ?
samantha
www.Aafter.com

[woganmay]

There's only one possible reason you'd want to use it privately. And in that instance, no, it's probably not legal.

[telestarnext]

Define legal.

And who gets to make that decision. ;)