• On TechRepublic: 10 cool USB flash drive tricks
October 23, 2009 12:47 PM PDT

Demos to show spying on mobile IP calls

by Elinor Mills
  • Font size
  • Print
  • 4 comments

Using VoIP-based mobile devices over Wi-Fi or IP video phones? Be careful.

Researchers plan to demonstrate this weekend how they can eavesdrop on voice over IP conversations made using an iPhone over a Wi-Fi network and snoop on video and audio communications between IP video phones.

These types of man-in-the-middle eavesdropping attacks aren't new, however these could be the first public demonstrations of them on these particular platforms.

This screen shot shows the user interface of UCSniff. The user can listen in on a conversation and see the video of two people talking on an IP-based video phone. The two video screens show what each of the video phones is displaying.

(Credit: Viper Lab, Sipera Systems)

In the VoIP demo at ToorCon in San Diego on Saturday, Jason Ostrom, director of Viper Lab at Sipera Systems will listen to the conversation of someone talking on an iPhone over an unsecured wireless network. The exploit targets smartphones that are using the SIP (session initiation protocol) for VoIP, he said on Friday.

Ostrom will use an open-source assessment tool called UCSniff to listen to and record the conversation. A new version of the tool will be released publicly on Saturday, he said.

In another demo, Ostrom will show an attack in which he can view and listen in real time to video and audio from a conversation made over an IP video phone.

At Defcon in July, Ostrom demonstrated attacks in which someone could eavesdrop on video conference calls and intercept surveillance camera video.

Sipera Systems will announce new security products next week that can help protect against the VoIP over Wi-Fi smartphone attack, said Adam Boone, vice president of marketing and product management at the company.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Spyware,

Security,

Consumer software and hardware,

Privacy and data protection

Tags:

VOIP,

video phones,

security

Share:
Digg
Del.icio.us
Reddit
Recent posts from InSecurity Complex
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
Cisco launches iPhone security app
Fortified rice, fuel cells among Tech Award winners
T-Mobile UK says workers sold customer data
FAQ: Recognizing phishing e-mails
Report: Countries prepping for cyberwar
Antitrust concerns linger in Google Books deal
Related
BT's Ribbit releasing Google Voice competitor
China Unicom: 5,000 iPhones sold in first weekend
Trend watch 2010: Mobile movies
Google buys Gizmo5 for Google Voice
Live blog: Ozzie talks Azure and more
Rumors of a Gphone refuse to die
iPhone OS 3.1.2 unlock arrives this week
Apple said to be working on 'world mode' iPhone
Add a Comment (Log in or register) (4 Comments)
  • prev
  • 1
  • next
by solitare_pax October 23, 2009 1:24 PM PDT
I think I saw this on an NCIS episode.
Reply to this comment
by SteveW928 October 23, 2009 1:40 PM PDT
While it would be nice to have standard encryption on SIP, this isn't as big of a deal as it sounds. Remember the days when any police scanner could listen to all the cordless phone conversations around. And, it isn't exactly rocket-science to listen to land-line calls either. This isn't that different.

If you really need privacy for some reason, be sure to use an encrypted mode. While most people wouldn't mind having it, most people don't need it.
Reply to this comment
by DnetMHZ October 23, 2009 1:51 PM PDT
Is this really earth shattering? They can intercept traffic on an unsecured wireless network. If my neighbor yells out his window, I can intercept that too!
Reply to this comment
by almost_rice October 23, 2009 2:56 PM PDT
Looks like someone in the phone industry is trying to scare us from using alternatives.
Reply to this comment
(4 Comments)
  • prev
  • 1
  • next
advertisement

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

3G wireless still holds promise

The next generation of 4G wireless may get all the headlines, but advanced 3G technology will likely dominate services for the next few years.

About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.

Add this feed to your online news reader

InSecurity Complex topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET