Using VoIP-based mobile devices over Wi-Fi or IP video phones? Be careful.
Researchers plan to demonstrate this weekend how they can eavesdrop on voice over IP conversations made using an iPhone over a Wi-Fi network and snoop on video and audio communications between IP video phones.
These types of man-in-the-middle eavesdropping attacks aren't new, however these could be the first public demonstrations of them on these particular platforms.
In the VoIP demo at ToorCon in San Diego on Saturday, Jason Ostrom, director of Viper Lab at Sipera Systems will listen to the conversation of someone talking on an iPhone over an unsecured wireless network. The exploit targets smartphones that are using the SIP (session initiation protocol) for VoIP, he said on Friday.
Ostrom will use an open-source assessment tool called UCSniff to listen to and record the conversation. A new version of the tool will be released publicly on Saturday, he said.
In another demo, Ostrom will show an attack in which he can view and listen in real time to video and audio from a conversation made over an IP video phone.
At Defcon in July, Ostrom demonstrated attacks in which someone could eavesdrop on video conference calls and intercept surveillance camera video.
Sipera Systems will announce new security products next week that can help protect against the VoIP over Wi-Fi smartphone attack, said Adam Boone, vice president of marketing and product management at the company.