This summer at Defcon, researchers from Viper Lab used old-school ARP poisoning and a little ingenuity to demonstrate how a criminal could mask a crime by tampering with a company's IP video surveillance system, replacing the video showing him breaking in with a benign clip.
"You can do this with email and VoIP -- we're just doing a new twist on an old attack to show people that these vulnerabilities are out there for IP video," says Jason Ostrom, director of Viper Lab, the research arm of Sipera Systems, which sells security products for VoIP and unified communications technologies.
Only about one in 20 organizations secures its IP video with encryption or other measures, according to Sipera's research, so IP video is ripe for attack. Ostrom and fellow researcher Arjun Sambamoorthy used a pair of homegrown open-source tools to perform the hacks at Defcon: UCSniff, which performs video eavesdropping, and VideoJak, which intercepts and replays video.
An attacker needs physical access to the IP network to execute these hacks, the researchers say, as well as access to a VLAN port on which the video application resides.