Posted by John Kindervag on December 7, 2009
A couple of network televisions shows have lately caught my eye. Now I’m not a television critic but there were things in these shows that have security implications that warrant some attention. These episodes came just as I had finished some hacking training and provide an opportunity to share some interesting new tools and attack scenarios.
First, Alex Baldwin pimped Cisco’s TelePresence system on 30 Rock. In the episode “The Audition,” Baldwin’s character Jack has bedbugs and is forced to use TelePresence to attend a meeting. There is a very funny bit that takes product placement to a new tongue-in-cheek level:
TelePresence Screen: “Do you like the Cisco equipment?”
Jack: “Of course, it continues to be the gold-standard by which all business technology is judged. Cisco, The Human Network.”
Now while this technology has some real business value there are also inherent security flaws in video conferencing systems running across a corporate network. Because these internal networks are rarely, if ever, encrypted, it is possible to perform an eavesdropping attack on TelePresence or any other similar videoconferencing system. Because these systems run over a converged network and use known protocols, attackers can surreptitiously sniff the network in real time and then reconstruct the video and audio streams. Recently I was lucky enough to attend a hands-on VoIP and UC hacking class at VIPER Lab. VIPER is run by my good friend and former colleague, Jason Ostrom. Jason and his team have been instrumental in developing new research and tools related to voice over IP (VoIP) and unified communications (UC) security. Their live distro — VAST — is available on SourceForge and contains several ground-breaking UC security tools.
Using one of the tools — UCSniff — I was able to recreate a scenario similar to the 30 Rock episode and intercept and view a live videoconference in real time. Here is a screenshot showing the UC Sniff tool intercepting a video call between Jason and me:
Anyone with access to your network can use this tool to eavesdrop on your voice or video conversations. This is why VoIP and UC security is so critical. Any unencrypted call is susceptible to this attack. Imagine that your employees can now listen in as your CEO discusses potential mergers or acquisitions. The risks are real but UC security is often overlooked.
The other show that grabbed my attention was Numb3rs. In the episode entitled "Best Friend in the World," a group of thieves have barricaded themselves inside a diamond exchange and are holding the employees hostage. They’ve tapped into the IP-based video surveillance system and are sending out a feed of cartoons. The FBI agent remarks: “The security company for the exchange says the cameras are linked via a network system. Bad guys hacked into that. Company doesn't know how. Our guys can't figure it out either.” Turns out they probably used another VIPER tool that I was able to use in the training class called VideoJak. VideoJak is a tool that will hijack an IP video feed, record it, and then play it back in a loop. You’ve seen this in the movies where the thieves record some video off the camera and then play it back so that it looks like the hallway/vault/etc. is empty. You can view the Defcon 17 presentation for more detailed information.
All this high technology is great, but be aware that someone may be watching you. There are ways to encrypt these types of transmissions including third party controls and the Secure Real-time Transport Protocol (SRTP). Thanks network TV for making all of us more aware of UC Security.