27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Day Day 4 - 2010-12-30
Room Saal 3
Start time 17:15
Duration 01:00
ID 4193
Event type Lecture
Track Hacking
Language used for presentation English

Having fun with RTP

„Who is speaking???“

A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk is focussing on the security of the voice part involved in todays voice over IP world. It is the result of the questions that I had to ask myself while i was debugging audio quality problems of customers and implementing a RTP stack from scratch.

The talk gives an introduction on the shortcomings of the Realtime Transport Protocol (RTP), how systems attempt to work around them and how they introduce security vulnerabilites. A few short demonstrations will give an idea on how they can be exploited in the real world (denial of service, man in the middle attacks, call redirection). The last part of the talk will discuss some solutions to fix those vulnerabilities.