Dominic Chell (Director, MDSec) & Shaun Colley (Security Consultant, MDSec)
PRESENTATION TITLE: Practical Attacks Against Encrypted VoIP Communications
Due to the often-sensitive nature of VoIP calls, it is well understood that packets in VoIP sessions should be encrypted in the interests of secrecy and confidentiality. The privacy associated with popular VoIP software is increasingly a concern not only for individuals but also for corporations whose data may be discussed via VoIP phone calls, especially in light of the recent PRISM hype.
This work evaluates voice data privacy within popular VoIP software using Microsoft’s Skype as a case study; in particular, we use statistical models and other natural language processing-like methods to spot known phrases in encrypted VoIP conversations in real time. We then develop the techniques further to facilitate recovery of spoken phonemes to a degree of accuracy such that parts of live conversations can be recovered from encrypted VoIP streams. We take these concepts from theory to practice by presenting live proof-of-concept demonstrations, with these tools being publicly released at the end of the talk.
Furthermore, we discuss and develop how these principles may be applied to other networking protocols such that a loss of privacy or security compromise may occur.
ABOUT DOMINIC CHELL
Dominic Chell is a Director and Co-Founder of MDSec. He has been involved in the security community for over a decade, 8 years of which have been spent working as a consultant and researcher in the private sector. Dominic has been leading security research projects into mobile, embedded and database technologies, culminating in the release of numerous whitepapers, tools and vulnerabilities.
Prior to founding MDSec, Dominic worked for NGSSoftware as a Principal Security Consultant, where he focused on performing product assessments, security reviews of source and designs, and penetration testing of web applications and network infrastructure.
ABOUT SHAUN COLLEY
Shaun Colley is a Senior Security Consultant at MDSec, where he specialises in product assessment, mobile security and reverse engineering engagements for a wide range of different clients, including those in the banking, legal and technology sectors. Outside of client work, Shaun has been responsible for the discovery of numerous vulnerabilities in major software products. He has been involved in the security scene for around a decade.
Prior to joining MDSec, Shaun worked as a security consultant for IOActive and NGSSoftware / NCC Group.