VoIP-to-Data exploit to be presented at Black Hat USA 2007

Sipera VIPER Lab will demonstrate a VoIP exploit that allows hackers to take control and delete or steal data from a laptop running an enterprise VoIP softphone, at the Black Hat USA 2007 conference. The demonstration will also show that fully deployed, traditional data security is not adequate to protect data from a real-time, VoIP communications attack.

Sipera VIPER Lab will also review various WiFi/dual-mode phone threats as part of its “Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones” presentation, which will take place within the Voice Services Security track on August 1st at 4:45 p.m. Black Hat briefings bring together the best minds from government agencies and global corporations with the most respected independent researchers and hackers. The Black Hat invitation to present reflects both peer recognition of Sipera’s leadership in VoIP and Unified Communications (UC) security, and increasing awareness of VoIP/UC vulnerabilities and exploits.

“The fact that a known vulnerability in VoIP can be used to create an exploit to steal data should serve as a wake up call to all Chief Security Officers that VoIP security should be escalated as a must-have requirement when deploying Unified Communications,” said Eric Winsborrow, Sipera CMO and former VP Product Marketing at McAfee. “Enterprises spend billions of dollars on traditional data security, and closely monitor OS vulnerability announcements on the first Tuesday of the month. Meanwhile, Sipera VIPER Lab has identified an exhaustive list of VoIP vulnerabilities that can be exploited to disrupt critical business communications, and in this case, steal confidential data through a security hole that data security vendors are fundamentally unable to address. The regulatory impact on this exploit, alone, should it happen in the wild, would be severe.”

Share this