Researchers offer tools for eavesdropping and video hijacking

By Elinor Mills, CNET News.com
Monday, August 03, 2009 10:51 AM

Showing off technology that James Bond would love, two researchers at Defcon last week demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.

The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker's computer, he said.

This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.

Ostrom and Arjun Sambamoorthy, a research engineer at Viper Lab, also have developed another free tool called VideoJak that can be used to intercept video streams.

Thieves planning to steal from a museum, for example, could use the tool to change live surveillance video being watched by a museum security guard so that it replayed previous video of the art, giving thieves time to steal art without detection.

Attackers can replay video from the same stream or inject other video, like pornography, the researchers said.

Companies can use encryption on the network server to protect against these attacks, but encryption is not enabled by default, Ostrom said.

"These assessment tools can show you the impact of the vulnerability to your network," he said.

John Draper, aka "Capt. Crunch," said he is interested in using the UCSniff tool to test the systems at start-up En2Go where he is chief technology officer. En2Go is signing up with companies to deliver high-definition media, including movies and corporate videos, to desktops.

"I want to ensure customers and clients that someone can't steal movies off Flyxo," En2Go's system, he said.

Intercepting streaming video isn't new, but UCSniff "makes it easier; it makes it plug and play," Draper said.

This article was first published as a blog post on CNET News.

See also: PC security, Data security, Authentication and encryption, Network security, Tool, Video, security guard, Attacker, chief technology officer, network

+ Add tag

To add tags, you need to become a member. It's FREE.

Log in or sign up now!

Cancel

WORTHWHILE?

0
0 votes

Save to My Library

Talkback

Print

E-mail

Share

Alerts

Slashdot

Digg

Facebook

Twitter

Delicious

reddit

Google

StumbleUpon

close this

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

New Era of Intelligent Communications

Business Communications Applications on Any Network

Enterprise IT Modernization: A Comprehensive Solution Approach

Featured Whitepapers

Security Considerations for Cloud-Ready Data Centers

Opportunities and Challenges with the Convergence of Data Center Networks

Tech Jobs Now!

Buisness Development Manager (BDM) Electronic Security Systems

IT Compliance â Team Lead

IT Compliance â Support Analyst

Senior Manager Information Risk and Compliance/Melbourne/$

COMPLIANCE & RISK ANALYST

Search for your ideal tech job:

News from Countries/Region

» Singapore

» Malaysia

» Thailand

» India

» Philippines

» Indonesia

» China/HK/ROC

» ASEAN

» Asia Pacific

Related News

What's Hot

Latest News

Security experts' sites hacked on eve of Black Hat conference

Researchers to offer tool for hacking Oracle DBes

Hacked ATMs let criminals steal cash, PINs

Signature makes cards 'less secure'

Beware business cloud dangers, says EU agency

Aust govt sets up new CERT

Chrome OS security: 'Sandboxing' and auto updates

Microsoft warns of IE exploit code in the wild

'Godfather of Spam' sentenced to four years

Chrome OS security: 'Sandboxing' and auto updates

Aust govt sets up new CERT

Signature makes cards 'less secure'

Microsoft warns of IE exploit code in the wild

TechGuides

Use shades of gray to enhance scale in Excel

Excel's palette is generous, but don't throw buckets of pigment all over your spreadsheets just because you can.

Read more �

Specials

News and Interviews

Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video

Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video

Salesforce demos Service Cloud 2
New Web-based tools for customer service
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video

Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video

Latest from Blog Central

Ultimate 2012 recovery site: the moon

Have you seen the disaster movie "2012"? A friend from Control Risks and I did, and we reluctantly concluded we wouldn't be able to write off the cost of our..... by Nathaniel Forbes

Read more �

Tags

attack

authentication and encryption

blog

data security

e - mail

hacking

internet

malware

microsoft corp.

network

network security

pc security

researcher

security

security management

software

spam and phishing

symantec corp.

viruses and worms

web