New VOIP security flaw exploits shown at Black Hat USA
The Viper Lab division of Internet telephony security specialist Sipera caused a stir at Wednesday’s Black Hat USA IT security convention when researchers showed how easy a VOIP softphone was to hack.
In its demonstration, Sipera highlighted one of several VOIP security flaws which allow hackers to take control of a laptop running a standards-based VOIP softphone.
During the demo – part of the Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones presentation – researchers showed how it is possible to remotely modify and even delete files on a VOIP-enabled notebook PC without permission from the local user.
Commenting on the demonstration, Geoff Sweeney, CTO of behavioural analysis IT security vendor Tier-3, said that Sipera’s research shows how new security flaws are generated whenever new leading edge technology arrive in the marketplace.
“Sipera has shown how conventional IT security software can be bypassed using flaws in a standards-based VOIP softphone. It illustrates the clear need that all computer users have for next generation IT security software, which includes behavioural analysis as a standard feature, in order to lock down previously unknown threats before they cause any damage,” he said.
