NEWS: Hotspot sniffer eavesdrops on iPhone [VoIP & video] in real-time

People who use public WiFi to make iPhone calls or conduct video conferences take heed: It just got a lot easier to monitor your conversations in real time.

At a talk scheduled for Saturday at the Toorcon hacker conference in San Diego, two security researchers plan to show the latest advances in the open-source UCSniff tool for penetrating voice-over-internet-protocol systems. With a few clicks of a mouse, they will eavesdrop on a call between two audience members using popular iPhone applications that route the calls over the conference network.

...

"If we can do this, there are many, many people out there who can do this. It's not rocket science," ...

MORE:

John Navas

I guess that might be Skype. I'll believe it when I see it:

Jeff Liebermann

No, my guess would be that they're talking about standard, SIP-based VoIP (mostly because they quote someone from Sipera about business usage).

Dennis Ferguson


Larry wrote in news:Xns9CAFC997AD82noonehomecom@74.209.131.13:

You don't read very well, among other things.

The goal was not to trace the call, but to listen to it. Listen to it after coming out of your computer and before going to its next destination. Listening to it as it gets to your computer. All easily done by sniffing the hotspot your computer is using at the time.

But thanks for once again showing that you have no clue about technology. The only difference between you and John Novice is...well...nothing. Oh wait- that's not fair- you are much more paranoid.

John Blutarsky

Oh well. SIP Sniffing is not rocket science. I use Cain and Abel:

or Wireshark with a SIP/RTP capture filter:

(near bottom of page)

I've never tried it via wireless but as long as I don't have to deal with WPA encryption, it doesn't seem like much of a challenge.

Jeff Liebermann

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Total Recorder works quite well both transmit and receive on Skype calls....

If they got a virus in that would work. Maybe there's ALREADY a virus in a new iPhone to do just that. God, that'd make a headline Apple would regret, wouldn't it. Even the apologist fanbois would be furious!

Larry

Larry wrote in news:Xns9CAF95CCD9743noonehomecom@74.209.131.13:

So says the alt.cellular.* bulk tinfoil buyer.

John Blutarsky

I think the ARP cache pollution they do to get everyone to send the packets they want through the PC doing the tap is kind of cute (though this may just show my ignorance of the state of the art for this stuff), but you are right that none of that is rocket science.

They do mention, however, that Sipera plans to introduce a SIP/RTP encryption product next week, so demonstrating how low the bar is for wiretapping SIP-based VoIP with a nice application is probably good marketing. Of course iPhone applications in particular could also secure this stuff by sending it over the 3G phone company connection rather than WiFi, but I don't think Apple's restrictions on what applications can do on the phone are there to protect their users' best interests.

Dennis Ferguson
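Whether a given call is exposed to the kind of sniffing discussed in this thread can be read from the SIP signaling itself. The following is an added example, not part of any post: it classifies each SDP media stream in a SIP message as cleartext RTP, SRTP, or SRTP whose SDES key travelled over unencrypted signaling. The function name, the status labels and the trimmed sample INVITE are constructed for illustration.

```python
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def audit_sip_media(message):
    """Classify each SDP media stream as (media, port, profile, status)."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    # Signaling transport for this hop, from the topmost Via: "SIP/2.0/UDP host:port"
    via = next((l for l in head.split("\n") if l.lower().startswith(("via:", "v:"))), "")
    parts = via.split(":", 1)[1].split() if via else []
    signaling_tls = bool(parts) and parts[0].upper().endswith("/TLS")
    streams = []
    for line in body.split("\n"):
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:                    # malformed media line, skip it
                continue
            streams.append({"media": fields[0], "port": int(fields[1].split("/")[0]),
                            "profile": fields[2], "sdes": False})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["sdes"] = True             # SDES key carried inline in the SDP
    findings = []
    for s in streams:
        if s["port"] == 0:
            status = "disabled"                    # stream rejected or removed
        elif s["profile"] not in SRTP_PROFILES:
            status = "cleartext"                   # plain RTP, audible to any sniffer
        elif s["sdes"] and not signaling_tls:
            status = "srtp-key-exposed"            # media encrypted, key sent in the clear
        else:
            status = "srtp"
        findings.append((s["media"], s["port"], s["profile"], status))
    return findings

# Constructed, trimmed sample INVITE (addresses from documentation ranges).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.invalid SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bKexample",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.20",
    "s=-",
    "c=IN IP4 192.0.2.20",
    "t=0 0",
    "m=audio 40000 RTP/AVP 0 8",
    "m=video 40002 RTP/SAVP 96",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY",
])
```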


there is no longer any restriction for using voip over 3g.

nospam

You don't really need a man-in-the-middle type of exploit in order to sniff SIP traffic. It can be done by simply tapping the ethernet cable, or sniffing the 802.11 traffic. I don't know why that was included. The only problem is that stock NDIS5 Windoze driver does not have a wireless monitor mode sniffing ability. That means you can only sniff traffic to/from a device to which you are connected. Monitor mode (and promiscuous mode) work fine for wired ethernet, but not for 802.11.

CACE has a monitor/promiscuous mode driver for Windoze that will work.

Wireless sniffing with Linux works just fine.

The hints of impending disclosure of a possible serious vulnerability might have inspired Sipera to pre-announce new encryption technology. If the exploit fizzles, or there's no clamor for encryption, they'll just quietly drop the idea. Incidentally, I couldn't find a link to such a product announcement. Oh, it's Sipera, not Sipura/Linksys. One of these daze, I'll get them straight.

There are no current restrictions on VoIP over 3G on the iPhone. However, making phone calls over 3G is silly. The cost per byte is much more than over Wi-Fi. The main draw is free (or almost free) phone calls using a coffee shop, home, office, airport, hotspot at costs far less than cellular.

Jeff Liebermann

Meanwhile, at the alt.internet.wireless Job Justification Hearings, Larry chose the tried and tested strategy of:

What on earth are you talking about? If somebody's intercepting your wireless traffic, they're not going to be scanning any ports. Fire up Wireshark some time and you'll see what I mean.

alexd

Sure, except there's a whole bunch of ethernet cables but only a few of them will be carrying the traffic you want to look at. Ethernets are always L2-routed by switches these days so if you plug into a random port in a switch on the network the only third party traffic you'll see coming out are multicasts, not someone else's RTP. If you want to see unicast traffic to and from a particular host you need to physically insert yourself into the wire which connects that host to its switch port, or the wire which attaches the router the host is using to a switch port, or one of the interswitch trunks between the host's switch and the router's switch, without anyone noticing. That's 3 or 5 particular wires that you'd need to attach to, out of maybe 100's or even 1000's on a big network. And for a passive 802.11 tap you'd need to not only be hearing the same AP as the client you're interested in but also close enough to hear the client's transmissions in the other direction.

Compared to this the ARP thing is very nice. If you know who you want to hear then just connect to the network anywhere, at any random switch port or any AP on the same ethernet (not necessarily even in the same room, or building) and arrange for the particular traffic you want to look at to be delivered directly to where you are by the network.

I didn't know they'd removed that restriction. I don't get the cost thing, though, at least if we're talking about costs the user pays (and I'm not sure why the user would care about anything else). iPhone data plans are flat rate unlimited on AT&T so the marginal cost for using the phone company's network is the same as WiFi, i.e. free or close to it. If VoIP-over-3G isn't popular (and I'd bet that's the case if the phone company, which does pay the costs, isn't complaining about it any more) I'd bet it has more to do with the delays their network introduces.

Dennis Ferguson
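The ARP cache pollution discussed in this thread leaves a trace on the LAN: replies that nobody requested, and an IP address that suddenly maps to a different MAC. The following detection sketch is an added example, not part of any post and not code from UCSniff; the function names, alert labels, addresses and frames are constructed for illustration.

```python
import socket
import struct

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame to (op, sender_mac, sender_ip, target_ip), else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def detect_poisoning(frames):
    """Return alerts (frame_index, kind, ip, mac) for suspicious ARP activity."""
    bindings, pending, alerts = {}, set(), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, ip, target = parsed
        if op == 1:                                   # request: remember who asked for what
            pending.add((ip, target))
        elif op == 2:                                 # reply: did anyone ask for it?
            if (target, ip) in pending:
                pending.discard((target, ip))
            else:
                alerts.append((n, "unsolicited-reply", ip, mac))
        if ip == "0.0.0.0":                           # ARP probe, carries no binding
            continue
        if bindings.setdefault(ip, mac) != mac:       # IP now claimed by a different MAC
            alerts.append((n, "binding-changed", ip, mac))
    return alerts

def arp_frame(op, sha, spa, tha, tpa):
    """Build one constructed sample frame (demo helper, not part of the detector)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    dst = mac(tha) if op == 2 else b"\xff" * 6        # requests are broadcast
    return (dst + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

# Constructed sample: a phone resolves its gateway, then a third host answers for both.
GW, PHONE, TAP = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
SAMPLE = [
    arp_frame(1, PHONE, "192.0.2.20", "00:00:00:00:00:00", "192.0.2.1"),
    arp_frame(2, GW, "192.0.2.1", PHONE, "192.0.2.20"),
    arp_frame(2, TAP, "192.0.2.1", PHONE, "192.0.2.20"),
    arp_frame(2, TAP, "192.0.2.20", GW, "192.0.2.1"),
]
```

The first MAC seen for an IP is treated as the baseline, so a legitimate change such as a replaced router or DHCP reassignment also raises `binding-changed` and needs a manual check.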
