Unified Communications: Click to talk

Aug 19 2009   2:12AM GMT

IP Video Vulnerable to Attack

Tony Bradley Tony Bradley Profile: Tony Bradley

IP video conference calls can be easily hijacked or eavesdropped using simple tools that are available for free. Of the organizations that use IP video for surveillance or conferencing, only about 5% employ any sort of encryption or security measures to protect it.

Its a common trick in action movies for the bad guys to cut the wires to the video surveillance cameras and insert their own looped video clip of business as usual so that security guards monitoring the area can’t tell a breach is occurring. The Hollywood bad guys always make it look so easy, and now it is. Using simple techniques attackers could insert video into an IP video surveillance stream or listen/watch an IP video conference undetected.

Sipera Systems VIPER (Voice Over IP Exploit Research) Lab team demonstrated an attack on IP video conferencing at the recent DEFCON security conference. Jason Ostrom, director of VIPER Lab, said “These attacks are based on ARP poisoning/man-in-the middle. You can do this with email and VoIP — we’re just doing a new twist on an old attack to show people that these vulnerabilities are out there for IP video.”

IP video and other aspects of unified communications can be game changing tools to streamline business processes and improve efficiency. However, they also have to be protected and secured or they can easily become game changing weaknesses that allow attackers access to sensitive information and network resources. Make sure you take advantage of the inherent security of the products you are using by enabling encryption and other security controls, and also take a look at third-party products like Sipera’s UC-Sec applicances.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: