Tuesday, August 07, 2007

VoIP Vulnerabilities Unveiled at Black Hat

Jim Carr writes on SC Magazine Online:

VoIP phone systems, relying on so-called "soft phone" software, may have thousands of potential vulnerabilities, researchers at Sipera Systems said at the annual Black Hat conference this week in Las Vegas.

Sipera revealed a technique that allowed researchers to take remote control of a PC running VoIP and the Session Initiation Protocol (SIP).

SIP is an application-layer control protocol used to create, modify and terminate sessions in IP PBX s, VoIP and other technologies.

The company's VIPER Lab research unit was able to take command of a PC running a soft phone VoIP application and cross boundaries into the data stored on the system. It did so by injecting a buffer overflow with an executable during an SIP-initiated call, according to Eric Winsborrow, Sipera's chief marketing officer.

More here.

0 Comments:

Post a Comment

<< Home