Penetration testers have demonstrated a way of compromising computers by subverting VoIP software clients.
The testers, who are from VoIP security firm Sipera, claim that they have found similar vulnerabilities in several vendors’ enterprise VoIP software clients. Sipera would not reveal the identity of the affected vendors, because they have not yet brought out patches.
The testers demonstrated a proof-of-concept exploit for one of the VoIP clients at the Black Hat security conference in Las Vegas on Wednesday. On a laptop running Windows XP SP2 with a Windows firewall, running McAfee antivirus, Sipera product manager Sachin Joglekar demonstrated a vulnerability that allows a hacker to cause a buffer-overflow condition.
This allows a small script to be inserted on the victim’s laptop, which then enables the hacker to take control of the laptop and view directories, delete them, and steal files and data, Sipera claimed.
Source: zdnet.co.uk
Related posts:
- Vulnerabilities found in VoIP clients Researchers have found a way to break into computers through...
- Top 5 VoIP vulnerabilities in 2007 Sipera VIPER Lab revealed the Top 5 VoIP Vulnerabilities in...
- 2008 – the year VoIP gets hacked? With VoIP rapidly becoming a commodity feature in everything from...
- Internet Explorer security settings and controls This learning guide details the vulnerabilities associated with today’s most...
- Businesses Fail to Heed VoIP Security Threats At the end of 2007, analysts and journalists made their...