Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 29th, 2008

New Sniffer Can Attack VoIP Users

Next-generation VoIP sniffer was released on Saturday at Toorcon in San Diego by Jason Ostrom of VoIP Hopper. The tool, that might be used for attacks, should help raise awareness of the type of vulnerabilities businesses face as they adopt unified communications (UC) technology.

According to Jason, the tool, UCSniff, has two settings. One is a learning mode, sniffing all the IP traffic then mapping telephone extensions to specific addresses. By default, it is capturing all the calls and saving them to wave files.

The other setting is targeting conversations. After learning the IP addresses of the phone system, someone using UCSniff can listen to all the VoIP, or voice over Internet Protocol, conversations made by a specific user., say the CEO. That’s user mode. A second mode, conversation mode, allows someone to monitor calls made exclusively between two extensions, say only when the CEO calls the CFO.

“So it’s like dynamic ARP poisoning,” Ostrom explained, referring to Address Resolution Protocol spoofing. “The tool, on the fly, figures out how to do the ARP poisoning for you so you’re not intercepting the traffic of phones that you do not want to intercept.”

The flaw, if any, is within the structure of the system and not specific to any platform, such as that of Cisco Systems. There are two other tools and combined, the tools can allow one to create a man-in-the-middle attack on VoIP networks in an enterprise.

Some of the pieces are already available on the Internet. However, UCSniff “brings together what is lacking, what is needed to be the most effective and secure VoIP security assessment tool available.”

Share this item with others:

More on CyberInsecure:
  • Hotspot Sniffer Eavesdrops On iPhone Audio And Video VoIP In Real-time
  • Skype Encrypted Instant Messages Can Be Eavesdropped
  • Malware Found In Heartland Bank Card Payment System
  • Severe VoIP Vulnerabilities In Microsoft Communicator
  • Microsoft Keyboards, Media Devices Under Attack By Open-source Kit

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: New Sniffer Can Attack VoIP Users

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.