Sipera VIPER Lab will demonstrate a VoIP exploit that allows hackers to take control and delete or steal data from a laptop running an enterprise VoIP softphone, at the Black Hat USA 2007 conference. The demonstration will also show that fully deployed, traditional data security is not adequate to protect data from a real-time, VoIP communications attack.
Sipera VIPER Lab will also review various WiFi/dual-mode phone threats as part of its "Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones" presentation, which will take place within the Voice Services Security track on August 1st at 4:45 p.m. Black Hat briefings bring together the best minds from government agencies and global corporations with the most respected independent researchers and hackers. The Black Hat invitation to present reflects both peer recognition of Sipera's leadership in VoIP and Unified Communications security, and increasing awareness of VoIP/UC vulnerabilities and exploits.
"The fact that a known vulnerability in VoIP can be used to create an exploit to steal data should serve as a wake up call to all Chief Security Officers that VoIP security should be escalated as a must-have requirement when deploying Unified Communications," said Eric Winsborrow, Sipera CMO and former VP Product Marketing at McAfee. "Enterprises spend billions of dollars on traditional data security, and closely monitor OS vulnerability announcements on the first Tuesday of the month. Meanwhile, Sipera VIPER Lab has identified an exhaustive list of VoIP vulnerabilities that can be exploited to disrupt critical business communications, and in this case, steal confidential data through a security hole that data security vendors are fundamentally unable to address. The regulatory impact on this exploit, alone, should it happen in the wild, would be severe."
Over the past four years, Sipera VIPER Lab has identified thousands of VoIP vulnerabilities, most of which cannot be addressed by encryption, authentication, or other data security measures. Sipera VIPER Lab has published threat advisories for several WiFi/dual-mode phones, softphones and VoIP hardphones, including those allowing remote attackers to carry out spoofing and denial-of-service attacks, unwanted reboots, uninitiated toll calls, and, in one case, remote access to private call records. These vulnerabilities are posted at http://www.sipera.com/viper
as an educational security service to Sipera's customers and the general public.