VideoJak tool for spoofing a VoIP video stream
Another valuable news from the Defcon hacker conference.
Two specialists from the Viper Lab group developed an interesting utility VideoJak (add-on to the well-known UCSniff sniffer ) to intercept the video stream from video surveillance cameras and VoIP programs. The attack is carried out according to the “man-in-the-middle” principle and allows you to completely replace the content of the stream (poisoning). The signaling protocols of the G.711u, G.722, H.263, and H.264 codecs are supported.
Such programs existed before, but now they have grown to the level of mass culture. The free UCSniff sniffer suite exists in versions for Linux and Windows and has a nice graphical interface . The program can take any student without special education. The developers demonstrated the performance of their program right at the conference.
')
Such hacker tools open up broad opportunities for corporate espionage, since executives of large corporations often use VoIP for important / secret negotiations and meetings.
Interception from surveillance cameras can use the thieves who want to enter the building - now they can observe in real time what is shown on the screens of the security service. Moreover, they can infiltrate the stream and change it: for example, start a replay from a certain point or replace the content (for example, with porn).
To prevent such attacks, you need to use the cryptographic protection of video streams, but in reality it is rarely used and is completely disabled by default in most VoIP programs.
via InSecurity Complex , The Register
Two specialists from the Viper Lab group developed an interesting utility VideoJak (add-on to the well-known UCSniff sniffer ) to intercept the video stream from video surveillance cameras and VoIP programs. The attack is carried out according to the “man-in-the-middle” principle and allows you to completely replace the content of the stream (poisoning). The signaling protocols of the G.711u, G.722, H.263, and H.264 codecs are supported.
Such programs existed before, but now they have grown to the level of mass culture. The free UCSniff sniffer suite exists in versions for Linux and Windows and has a nice graphical interface . The program can take any student without special education. The developers demonstrated the performance of their program right at the conference.
')
Such hacker tools open up broad opportunities for corporate espionage, since executives of large corporations often use VoIP for important / secret negotiations and meetings.
Interception from surveillance cameras can use the thieves who want to enter the building - now they can observe in real time what is shown on the screens of the security service. Moreover, they can infiltrate the stream and change it: for example, start a replay from a certain point or replace the content (for example, with porn).
To prevent such attacks, you need to use the cryptographic protection of video streams, but in reality it is rarely used and is completely disabled by default in most VoIP programs.
via InSecurity Complex , The Register
Source: https://habr.com/ru/post/66065/
All Articles