I can't be at Black Hat, but here's a presentation going on that I wouldn't miss if I could be. I'll reach out to my friends and Sipera and see what more I can learn. if any readers are at Black Hat, we'd love to hear what you learn. Drop me an email or call me?

SIPERA TO DEBUT VOIP-TO-DATA EXPLOIT AT BLACK HAT USA 2007
Sipera VIPER Lab to Demo Data Loss/Theft Exploit Via VoIP and Other Possible Attacks on WiFi Dual-Mode Phones

Richardson, TX, July 30, 2007 – Sipera Systems, the leader in comprehensive security for VoIP, mobile and multimedia communications, today announced Sipera VIPER Lab will demonstrate a VoIP exploit that allows hackers to take control and delete or steal data from a laptop running an enterprise VoIP softphone, at the Black Hat USA 2007 conference. The demonstration will also show that fully deployed, traditional data security is not adequate to protect data from a real-time, VoIP communications attack.

Sipera VIPER Lab will also review various WiFi/dual-mode phone threats as part of its “Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones” presentation, which will take place within the Voice Services Security track on August 1st at 4:45 p.m. Black Hat briefings bring together the best minds from government agencies and global corporations with the most respected independent researchers and hackers. The Black Hat invitation to present reflects both peer recognition of Sipera’s leadership in VoIP and Unified Communications (UC) security, and increasing awareness of VoIP/UC vulnerabilities and exploits.

“The fact that a known vulnerability in VoIP can be used to create an exploit to steal data should serve as a wake up call to all Chief Security Officers that VoIP security should be escalated as a must-have requirement when deploying Unified Communications,” said Eric Winsborrow, Sipera CMO and former VP Product Marketing at McAfee. “Enterprises spend billions of dollars on traditional data security, and closely monitor OS vulnerability announcements on the first Tuesday of the month. Meanwhile, Sipera VIPER Lab has identified an exhaustive list of VoIP vulnerabilities that can be exploited to disrupt critical business communications, and in this case, steal confidential data through a security hole that data security vendors are fundamentally unable to address. The regulatory impact on this exploit, alone, should it happen in the wild, would be severe.”

Over the past four years, Sipera VIPER Lab has identified thousands of VoIP vulnerabilities, most of which cannot be addressed by encryption, authentication, or other data security measures. Sipera VIPER Lab has published threat advisories for several WiFi/dual-mode phones, softphones and VoIP hardphones, including those allowing remote attackers to carry out spoofing and denial-of-service attacks, unwanted reboots, uninitiated toll calls, and, in one case, remote access to private call records. These vulnerabilities are posted at http://www.sipera.com/viper as an educational security service to Sipera’s customers and the general public.

About Sipera Systems
Sipera Systems provides enterprises and service providers with comprehensive VoIP security solutions that protect, control and manage real-time unified communications. The Sipera IPCS™ products combine VPN, Firewall/SBC, Intrusion Prevention, Anti-Spam, Compliance and Troubleshooting functionality for VoIP systems in a single device. This securely enables IP PBXs, VoIP remote users, SIP trunks, data/voice VLANs, hosted VoIP services and IMS or UMA-based networks. Comprised of top vulnerability research experts, the Sipera VIPER™ Lab concentrates its efforts towards identifying VoIP vulnerabilities, while Sipera LAVA™ tools verify networks’ readiness to resist attacks. Founded in 2003, and backed by Sequoia Capital, Austin Ventures and Star Ventures, Sipera is headquartered in Richardson, TX. Visit http://www.sipera.com.

Sipera, Sipera logo, Sipera IPCS, Sipera IPCS 210, Sipera IPCS 310, Sipera IPCS 410, Sipera IPCS 510, Sipera IPCS 520, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.