Friday, October 23, 2009

Sniffing VoIP in Real Time - iPhone Users Beware

It's been technically possible to plug a laptop into a network and sniff Voice Over Internet Protocol transmissions for quite awhile, thanks to the UCSniff tool. The only caveat was that the attacker needed to wait until the transmission was finished to reassemble the conversation.


Security researchers plan to present a demo this weekend at the Toor hacker conference showing that they can now intercept and playback VoIP conversations in real-time.

As The Register reports:

With a few clicks of a mouse, they will eavesdrop on a call between two audience members using popular iPhone applications that route the calls over the conference network.


Zoiks!

Not only is it possible to intercept conversations, but video conferencing transmissions can also be captured and played back as they happen.

If you're using public Wifi to save money by avoiding usage charges on your carrier's data plan, you should start thinking twice about the possibilities of real-time breaches of confidentiality that could occur through what is essentially a man-in-the-middle (MITM) attack. Unless you're implementing an encrypted transmission or secure tunnel that would foil sniffing tools, you're at a perilously high risk of being compromised.

Tools like this aren't particularly new, but what is changing is how user-friendly they are becoming, which allows fairly unsophisticated hackers with only moderate technical skills to perform tasks previously the domain of hardcore hackers.

You've been warned.

Image via Wikimedia Commons


No comments:

Post a Comment

Please tell me what you think.