From: Dennis Ferguson on 25 Oct 2009 02:33

On 2009-10-25, Jeff Liebermann <jeffl(a)cruzio.com> wrote:
> On Sat, 24 Oct 2009 14:06:30 -0700, John Navas
> <spamfilter1(a)navasgroup.com> wrote:
>> they will eavesdrop on a call between two audience members using
>> popular iPhone applications that route the calls over the conference
>> network.
>>
>> MORE:
>> <http://www.theregister.co.uk/2009/10/23/iphone_voip_sniffing_made_easy/>
>
> I guess that might be Skype. I'll believe it when I see it:
> <http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/>
> <http://intelligencenews.wordpress.com/2009/08/28/02-140/>

No, my guess would be that they're talking about standard, SIP-based VoIP (mostly because they quote someone from Sipera about business usage).

Dennis Ferguson

From: Dennis Ferguson on 25 Oct 2009 23:55

On 2009-10-25, Jeff Liebermann <jeffl(a)cruzio.com> wrote:
> On Sun, 25 Oct 2009 01:33:54 -0500, Dennis Ferguson
> <dcferguson(a)pacbell.net> wrote:
>
>> On 2009-10-25, Jeff Liebermann <jeffl(a)cruzio.com> wrote:
>>> On Sat, 24 Oct 2009 14:06:30 -0700, John Navas
>>> <spamfilter1(a)navasgroup.com> wrote:
>>>> they will eavesdrop on a call between two audience members using
>>>> popular iPhone applications that route the calls over the conference
>>>> network.
>>>>
>>>> MORE:
>>>> <http://www.theregister.co.uk/2009/10/23/iphone_voip_sniffing_made_easy/>
>>>
>>> I guess that might be Skype. I'll believe it when I see it:
>>> <http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/>
>>> <http://intelligencenews.wordpress.com/2009/08/28/02-140/>
>
>> No, my guess would be that they're talking about standard,
>> SIP-based VoIP (mostly because they quote someone from Sipera
>> about business usage).
>
> Oh well. SIP Sniffing is not rocket science. I use Cain and Abel:
> <http://www.oxid.it/ca_um/topics/voip.htm>
> or WireShark with a SIP/RTP capture filter:
> <http://wiki.wireshark.org/SIP>
> <http://wiki.wireshark.org/CaptureFilters> (near bottom of page)
> <http://www.wireshark.org/docs/dfref/s/sip.html>
> I've never tried it via wireless but as long as I don't have to deal
> with WPA encryption, it doesn't seem like much of a challenge.

I think the ARP cache pollution they do to get everyone to send the packets they want through the PC doing the tap is kind of cute (though this may just show my ignorance of the state of the art for this stuff), but you are right that none of that is rocket science. They do mention, however, that Sipera plans to introduce a SIP/RTP encryption product next week, so demonstrating how low the bar is for wiretapping SIP-based VoIP with a nice application is probably good marketing.

Of course iPhone applications in particular could also secure this stuff by sending it over the 3G phone company connection rather than WiFi, but I don't think Apple's restrictions on what applications can do on the phone are there to protect their users' best interests.

Dennis Ferguson

From: Dennis Ferguson on 26 Oct 2009 07:29

On 2009-10-26, Jeff Liebermann <jeffl(a)cruzio.com> wrote:
> On Sun, 25 Oct 2009 22:55:05 -0500, Dennis Ferguson
> <dcferguson(a)pacbell.net> wrote:
>
>> I think the ARP cache pollution they do to get everyone to send
>> the packets they want through the PC doing the tap is kind of
>> cute (though this may just show my ignorance of the state of the
>> art for this stuff), but you are right that none of that is rocket
>> science.
>
> You don't really need a man-in-the-middle type of exploit in order to
> sniff SIP traffic. It can be done by simply tapping the ethernet
> cable, or sniffing the 802.11 traffic. I don't know why that was
> included. The only problem is that stock NDIS5 Windoze driver does

Sure, except there's a whole bunch of ethernet cables but only a few of them will be carrying the traffic you want to look at. Ethernets are always L2-routed by switches these days so if you plug into a random port in a switch on the network the only third party traffic you'll see coming out are multicasts, not someone else's RTP. If you want to see unicast traffic to and from a particular host you need to physically insert yourself into the wire which connects that host to its switch port, or the wire which attaches the router the host is using to a switch port, or one of the interswitch trunks between the host's switch and the router's switch, without anyone noticing. That's 3 or 5 particular wires that you'd need to attach to, out of maybe 100's or even 1000's on a big network. And for a passive 802.11 tap you'd need to not only be hearing the same AP as the client you're interested in but also close enough to hear the client's transmissions in the other direction. Compared to this the ARP thing is very nice.

If you know who you want to hear then just connect to the network anywhere, at any random switch port or any AP on the same ethernet (not necessarily even in the same room, or building) and arrange for the particular traffic you want to look at to be delivered directly to where you are by the network.

>> Of course iPhone applications in
>> particular could also secure this stuff by sending it over the 3G
>> phone company connection rather than WiFi, but I don't think Apple's
>> restrictions on what applications can do on the phone are there
>> to protect their users' best interests.
>
> There are no current restrictions on VoIP over 3G on the iPhone.
> However, making phone calls over 3G is silly. The cost per byte is
> much more than over Wi-Fi. The main draw is free (or almost free)
> phone calls using a coffee shop, home, office, airport, hotspot at
> costs far less than cellular.

I didn't know they'd removed that restriction. I don't get the cost thing, though, at least if we're talking about costs the user pays (and I'm not sure why the user would care about anything else). iPhone data plans are flat rate unlimited on AT&T so the marginal cost for using the phone company's network is the same as WiFi, i.e. free or close to it. If VoIP-over-3G isn't popular (and I'd bet that's the case if the phone company, which does pay the costs, isn't complaining about it any more) I'd bet it has more to do with the delays their network introduces.

Dennis Ferguson
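
An added example, not part of the thread: the ARP cache redirection discussed above leaves a trace on the LAN, because one MAC address starts answering for IP addresses that previously mapped to other MACs. This Python code flags both symptoms in constructed ARP observations; the record format, the function name `find_arp_anomalies` and the 30-second window are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: (seconds, ARP op, sender IP, sender MAC) as a sensor
# on the LAN might record them. All addresses are invented documentation values.
SAMPLE = [
    (0.0, "reply", "192.0.2.1",  "00:00:5e:00:53:01"),   # router
    (1.0, "reply", "192.0.2.20", "00:00:5e:00:53:20"),   # phone
    (2.0, "reply", "192.0.2.66", "00:00:5e:00:53:66"),   # third host
    (9.0, "reply", "192.0.2.1",  "00:00:5e:00:53:66"),   # router IP, new MAC
    (9.1, "reply", "192.0.2.20", "00:00:5e:00:53:66"),   # phone IP, same new MAC
    (9.5, "reply", "192.0.2.1",  "00:00:5e:00:53:01"),   # real router answers again
]

def find_arp_anomalies(records, window=30.0):
    """Return (rebinds, multi_claims).

    rebinds: (time, ip, old_mac, new_mac) for each IP whose announced MAC
             changed within `window` seconds of the previous announcement.
    multi_claims: {mac: [ips]} for each MAC that announced more than one IP
                  within `window` seconds.
    """
    last = {}                      # ip -> (mac, time last announced)
    claims = defaultdict(dict)     # mac -> {ip: time last announced}
    rebinds, multi_claims = [], {}
    for ts, _op, ip, mac in sorted(records):
        mac = mac.lower()
        prev = last.get(ip)
        if prev and prev[0] != mac and ts - prev[1] <= window:
            rebinds.append((ts, ip, prev[0], mac))
        last[ip] = (mac, ts)
        claims[mac][ip] = ts
        recent = sorted(i for i, t in claims[mac].items() if ts - t <= window)
        if len(recent) > 1:
            multi_claims[mac] = recent
    return rebinds, multi_claims

if __name__ == "__main__":
    rebinds, multi_claims = find_arp_anomalies(SAMPLE)
    for ts, ip, old, new in rebinds:
        print(f"{ts:6.1f}s  {ip} moved {old} -> {new}")
    for mac, ips in multi_claims.items():
        print(f"{mac} is answering for {', '.join(ips)}")
```

Hosts that legitimately hold several addresses, and DHCP reassignments, will also trip these checks, so the output is a list of bindings to review against known inventory rather than a verdict.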