Corporate teleconferences and other sensitive video feeds traveling over the internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated …
We've been doing this since the days of the analog telco switching system. Look up "drop & insert".
We were doing the same thing in the mid '80s when testing Cisco gear and other peripheral T-carrier hardware that allowed mixed voice & data (early fractional T1 equipment sometimes could read the entire T1 signal if the telco set things up (im)properly, leading to obvious security headaches). Granted, we had to have access to the physical media, but ... oh. Never mind.
Maintain capability my ass
But dude, we were told in all honesty by the man from GCHQ that it was IMPOSSIBLE to intercept the internet and that was why they needed mass surveillance of every connection without warrants or due process.
"Maintain capability" was the sound-bite he used.
Now you're telling us that you don't even need control of the router like the ISP has to intercept calls? How can that be?????!!!??
Surely the head of GCHQ wouldn't lie to us? He's a man of such integrity that they propose giving him unmoderated surveillance power, so he must be some sort of super honest hero type and you must be Darth Laden or something trying to turn us against these heroes who want to watch over us...
So that's good news for these people:
Where's the CCTV icon?
Must have this to hand the next time I take a Pearson Vue or Prometric exam... ahem.
It reminds me of Kevin Bacon in Hollow Man.
But it's just an ARP poisoner with some basic video tools slapped on. The real vulnerability here has been around a long time, this is just an old flaw wrapped in a snazzy new UI.
Anyone who has access to your local network can do the same thing with emails, web transactions, or whatever. In fact, I think some hackers recently did the same thing to steal credit card numbers.
"We basically pwn the phone."
That's quoted as direct speech in the original article. Call me naive, but I thought that neologism was strictly a keyboard phenomenon. How did the speaker pronounce "pwn"?
How much trouble I'll get in if/when I play with this app on our corporate network....
People pronounce "pwn" differently depending on where you come from. I (and most of my friends) in Australia pronounce it as "poon" with a short "oo" as in "book"; a brief plosive sound. I've also heard it pronounced as "pun", "pown" - "own" with a p tacked onto it, "pawn" as in the chess piece, and "poon" with a longer "oo" as in "soon". The past tense, "pwnt", is pronounced by simply tacking a t onto the end of however you pronounce it. There are several audio examples on urbandictionary.com as well if you look it up. So go and practice saying this nice little vowel-less word, and do your part in the destruction of the English language! :)
Re "Maintain capability my ass" from AC; 09:02 GMT
You can't "intercept the internet" without comprehensive coverage, and the only practical way of doing this is via the ISP. I know it went right over your head, but tapping into "the internet" by intercepting a cable would only allow you to read traffic over that cable.
What GCHQ want to do is cover every cable by monitoring them at the ISP, ok?
The reason they can intercept telephone calls here is because they have access to the network. If you'd read it properly, you would have seen this in the story "Obviously, the tool requires physical access to the network being targeted"
If the government had physical access to your network, then they would be able to do it as well. However it's simpler, faster and cheaper to put boxes in the ISPs than put one in every single network in the country.
I do hope you're one of the 20% of visitors here that's not actually working in IT.
"........I thought that neologism was strictly a keyboard phenomenon."
Really? Exactly what are the 6th century words for "Blunderbuss", "Calculus" and "Turbine" then? All around before there was a keyboard to invent them on.....
Old, old, old.
ARP spoofing has been around as long as ARP and IP have been in use, i.e. a long time. Using it for VoIP and video over LAN is new, but merely a new application of an old technique.
Unfortunately, gratuitous ARP is too useful in device failover scenarios for it to be removed from the standard for all devices. The answer is to make sure that nobody has unauthorised access to the LAN, and of course when we say LAN here, we are talking about the routed segment that runs the same subnet as one of the end-point systems. This is why the technique is not applicable to the Internet as a whole.
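A defender-side illustration of the point made in the comment above, added here and not taken from the thread or from the tool it discusses: a passive monitor that parses raw ARP frames and flags any frame that rebinds an already-seen IP to a different MAC, with an allowlist for legitimate failover pairs. The addresses, the `allowed` parameter and the sample capture are constructed assumptions.

```python
import struct

GW, CAM = "02:00:00:00:00:01", "02:00:00:00:00:50"      # constructed addresses
STANDBY, ROGUE = "02:00:00:00:00:02", "02:00:00:00:00:99"

def make_arp(op, sha, spa, tha, tpa):
    """Build a raw Ethernet/ARP frame for the constructed sample below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    dst = b"\xff" * 6 if op == 1 else mac(tha)
    return (dst + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": frame[6:12].hex(":"), "sha": frame[22:28].hex(":"),
            "spa": ".".join(map(str, frame[28:32])),
            "tpa": ".".join(map(str, frame[38:42]))}

def detect(frames, allowed=None):
    """Return (reason, ip, mac) alerts for ARP frames that rebind a known IP."""
    allowed, bindings, alerts = allowed or {}, {}, []
    for raw in frames:
        arp = parse_arp(raw)
        if arp is None:
            continue
        ip, mac = arp["spa"], arp["sha"]
        if arp["eth_src"] != mac:           # Ethernet source disagrees with ARP payload
            alerts.append(("sender-mismatch", ip, mac))
        first = bindings.setdefault(ip, mac)
        if first != mac and mac not in allowed.get(ip, ()):
            kind = "gratuitous-rebind" if arp["spa"] == arp["tpa"] else "rebind"
            alerts.append((kind, ip, mac))
    return alerts

SAMPLE = [  # constructed capture, not real traffic
    make_arp(2, GW, "192.168.1.1", CAM, "192.168.1.50"),
    make_arp(2, CAM, "192.168.1.50", GW, "192.168.1.1"),
    make_arp(2, ROGUE, "192.168.1.1", CAM, "192.168.1.50"),
    make_arp(1, STANDBY, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.1"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Without the allowlist the standby device's gratuitous ARP is flagged alongside the rogue reply, which is the triage cost of keeping gratuitous ARP enabled for failover.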
*that* neologism @TeeCee
Ah, the absence of decent operator precedence rules in natural language...
I think he meant (I thought (that neologism) was a keyboard phenomenon)
rather than (I (thought that) ([all] neologism) was a ...)
I'm assuming it would be pretty difficult to do this if the video feed was encrypted. And what sort of moron would send security critical video without encrypting it, especially across a public network?
Given that then what we have here is yet another case where the vulnerability only exists if you don't do things properly. A lot of supposed vulnerabilities seem to me to be somewhat like claiming a particular model of car is vulnerable to theft if you leave the keys in the ignition.
Eh?! Is it 1990 again?
First things first - networks ain't my thing.
So, that said, I thought ARP poisoning went out with hubs and perms? So that would require the box to be plugged into the same network segment as the camera (somewhat more difficult than just binding to the network at any given point).
It's a nice exercise, but hardly ground breaking or particularly worrisome. If people are in your roof space patching your cables then your CCTV isn't top of your "oh dear Lord" list. It just proves the old point about physical security (notably that if you ain't got it you ain't got *any* security). Nice party trick all the same.
It'd be nice to see a remote exploit of it - now that would have value...
> "You can't "intercept the internet" without comprehensive coverage, and the only practical way of doing this is via the ISP. I know it went right over your head, but tapping into "the internet" by intercepting a cable would only allow you to read traffic over that cable."
Because, you know, the Chinese equipment UK ISPs install for normal control of their networks is not as capable as the same Chinese equipment US ISPs install for normal control, that the FBI use all the time to intercept VoIP calls, [encrypted] video, emails, etc. all day long... just as soon as there is a legal warrant for the particular person involved, and the ISP routes that traffic through the specified box(es) at the monitoring center...
> "What GCHQ want to do is cover every cable by monitoring them at the ISP, ok?"
Just like the US does now, with the normal equipment already installed. The US just has to have a warrant, just like the UK does now. The GCHQ just want to be able to do this without having to deal with warrants or judges or "probable cause".
> "The reason they can intercept telephone calls here is because they have access to the network. If you'd read it properly, you would have seen this in the story "Obviously, the tool requires physical access to the network being targeted""
You know, like, physically plugging a cable into the Internet... hmmm... If the ISP is able to "intercept" it, then they can route/copy packets to the authorized, legal monitoring center when there is a warrant.
> "If the government had physical access to your network, then they would be able to do it as well. However it's simpler, faster and cheaper to put boxes in the ISPs than put one in every single network in the country."
Yeah, put the boxes in the ISP, to bypass the current capability to route this traffic based upon the ISP's subscription information for the person listed on the duly requested and judge approved warrant. After all, warrants and judicial review are so pesky, aren't they? And, it's not like the ISP would know which IP address was which address or person at any particular time of day (disregarding time zones, eh)? Oh, what's that?...
> "I do hope you're one of the 20% of visitors here that's not actually working in IT."
It is obvious you do not work in governmental oversight... I mean, security, IT. If you do, then this is disingenuous to even the non-IT readership here. Sorry, but I do. I know current systems have to do this, because it's _my_ job if it _doesn't_ do it.
Anonymous - "I could tell you, but then I'd have to..." That's a quote, not a threat, so no option for you to sue or file complaint, sorry. Sorry, there's someone at the door. I am so used to the stomping of jack boots in unison, it no longer is worth getting excited about anymore. But, I know they like my coffee... :)
AC asked: "Where's the CCTV icon?"
<--- that would be the Big Brother icon...