The 9 Coolest Hacks Of 2009

Digital faces, missile defenses, iPod Touches, and even texting teens all were the subject of extreme hacks
Even IP video wasn't sacred this year. Hackers employed a modified man-in-the-middle attack to tamper with IP video surveillance feeds and to eavesdrop on IP video phone conversations.

This summer at Defcon, researchers from Viper Lab used old-school ARP poisoning and a little ingenuity to demonstrate how a criminal could mask a crime by tampering with a company's IP video surveillance system, replacing the video showing him breaking in with a benign clip.

"You can do this with email and VoIP -- we're just doing a new twist on an old attack to show people that these vulnerabilities are out there for IP video," says Jason Ostrom, director of Viper Lab, the research arm of Sipera Systems, which sells security products for VoIP and unified communications technologies.

Only about one in 20 organizations secures its IP video with encryption or other measures, according to Sipera's research, so IP video is ripe for attack. Ostrom and fellow researcher Arjun Sambamoorthy used a pair of homegrown open-source tools to perform the hacks at Defcon: UCSniff tool, which performs video eavesdropping, and VideoJak, which intercepts and replays video.

An attacker needs physical access to the IP network to execute these hacks, the researchers say, as well as access to a VLAN port on which the video application resides.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading