Amarjit Singh

The original exploit was first demonstrated more than a year ago, but sadly, most corporate networks are still vulnerable to it, says Jason Ostrom, director of VIPER Lab at VoIP vendor Sipera, where he performs penetration tests on clients business VoIP networks.

Only about one in 20 organizations secures its IP video with encryption or other measures, according to Siperas research, so IP video is ripe for attack. Ostrom and fellow researcher Arjun Sambamoorthy used a pair of homegrown open-source tools to perform the hacks at Defcon, which performs video eavesdropping, and VideoJak, which intercepts and replays video.

However, the attacker needs physical access to the IP network to execute these hacks, the researchers say, as well as access to a VLAN port on which the video application resides. Ostrom demonstrated the attack at the Forrester Security Forum in Boston last week using a Cisco switch, two Polycom videophone and a laptop armed with a hacking tool called UCSniff that he pulled together from open source tools. How VoIP, IP video hack works Hacker needs to get access to a VoIP phone jack to which he plugs a laptop with the hacking tool- UCSniff. Using address-resolution protocol (ARP) spoofing, the device gathers the corporate VoIP directory, giving the hacker the ability to keep an eye on any phone and to intercept its calls. Theres a tool within UCSniff called ACE that simplifies capturing the corporate directory.

Once intercepted, the audio and video from the targeted call flow through the laptop, where it can be viewed as it streams by and also where it is recorded in separate files, one for each end of the conversation, Ostrom says.

They used UCSniff to record a safe video stream, then converted it to an AVI file. Then we used the VideoJak tool that also supports man-in-the-middle, he says. VideoJak intercepts the video stream, and replaces it with a malicious or phony video payload.

So, for instance, a bad guy could replace a surveillance feed of his breaking into the CEOs office with a routine clip trained on the office door, with no sign of the break-in.

How to Prevent VoIP, Video Conference Hacking? The strongest answer apply Encryption for both signaling and media. The problem isnt with the networking or VoIP and video gear itself, but rather with how they are configured in the network.

The scary thing is, 70% of the networks tested by pen-testers are vulnerable to toll fraud attacks that use the corporate network as a proxy for make long distance calls.