VideoJak: Hijaking IP Video Calls!!!

VIPER Lab, released yet another free VoIP Assessment tool on 24th Feb this time targeting VoIP video calls. VideoJak is a proof of concept tool to simulate Denial of Service attack against Cisco 7985 Video IP Phones.
VideoJak is first of its kind security tool released in public that analyzes and exploits vulnerabilities in H.264 codec.

Official website of VideoJak comments

VideoJak is designed in consideration of todays UC infrastructure implementions
in which QoS requirements dictate the separation of data and VoIP/Video into discrete networks or VLANs.

Following are the features supported by VideoJak tool.

  • VLAN Discovery (CDP) and VLAN Hop
  • Call pattern tracking for SIP and SCCP
  • signaling protocols Audio codec (G.711u, G.722) and Video codec (H.263, H.264) support
  • Creates custom payload from H.263/H.264 packet capture
  • MitM functions and host management
  • Allows user to select ongoing video call from a menu
  • Allows user to select a targeted IP Phone for DoS within the video session
  • Enables the user to send the attack during an active, ongoing video call

Videojak uses ettercap for unified sniffing with custom dissectors to detect ongoing video call sessions. Once it detects active video call, user can choose target video phone and launch attack against it.
Videojak sends malicious H.264 payload against the target phone causing phone a severe DoS condition. Target phone once attacked will not be able to listen and view any media comming from connected call session. Finally phone reboots causing interrupt in its service.

Tool is very easy to install on BackTrack security Distribution.  To install it on Fedora or any other Linux flavor, dependencies from libpcap and libnet need to be satisfied. User friendly help and usage information is provided with the tool. Here are some screenshots showing VideoJak in action.

vj-ss1

I have posted about XTest tool from VIPER Lab in my previous posts.  This is the third tool published by VIPER Lab after XTest and  UCSniff . VIPER Guys are planning to add many new exciting features in UCSniff and VideoJak.  Stay tunned for getting more VoIP assessment tools from their Basket..

vj-ss2

You can learn more about these tools from their official website here.  Download VideoJak here.

Advertisements

About this entry