Synopsis: Blue Box Video Edition #1: SIP softphone exploit demonstration by Sipera Systems recorded at VoiceCon San Francisco 2007
Welcome to Blue Box: The VoIP Security Podcast Video Edition #1, a 5-minute video podcast from Dan York in which Sipera Systems demonstrates an exploit of a SIP softphone.
In this first video podcast, Dan interviewed Sachin Joglekar, Vulnerability Research Lead for Sipera Systems, about the exploit that Sipera first demonstrated at Black Hat USA 2007 last month in Las Vegas. Sachin shows how, by sending a specific SIP packet, he can crash the SIP softphone and, in doing so, have it execute server code to which he can then connect via netcat. That connection gives him a command prompt on the Windows system, from which he can execute arbitrary commands. In this case he just copied over some files. He indicated that Sipera is working with the vendor of the (unnamed) SIP softphone to correct the problem.
The interview was recorded on the show floor of VoiceCon San Francisco 2007.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to firstname.lastname@example.org. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'email@example.com' to leave a comment there.
Given that this is our very first "video edition", comments are definitely appreciated. We may try to do more of these in the future.
Thank you for listening and please do let us know what you think of the show.
P.S. Those of you wanting to know more about how I recorded the video and the tools I used (hint: I just used my Canon point-and-shoot camera) can read my post over on my Disruptive Conversations blog.