VoIP security issues seem to be passe’, judging from the latest lineup updates for DEFCON. Only two sessions have VoIP clearly incorporated into their presentations — it’s a far cry from the days when Phil Zimmermann would pop up to plug Zfone and everyone was explaining their latest ‘sploits.
First making its guest appearance in Las Vegas at the end of July is The Middler 2.0, a man-in-the-middle tool with an expanded portfolio. The tool can now work its mischief on VoIP, producing the opportunity to interactively redirect calls, join them, or take them over; version 1.0 of The Middler does such “fun” things as grabbing cookies and passwords.
Sipera’s VIPER lab lads have moved UCSniff beyond voice into video. UCSniff 3.0 now has enhanced video eavesdropping features and there are free complementary assessment tools, VideoJak and videosnarf. The VideoJak tool can be used against a video phone and other IP video security and surveillance — you know all those movies where the video surveillance footage gets bypassed? Yah… exactly…
To be fair, VIPER lab presenters hint at a new tip gleaned from VoIP pentesting of enterprise networks to enhance one’s ability to target specific VoIP users clandestinely with “Other VoIP goodness may follow this,” but video seems be the Bigger News.