Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

MediaDefender Phone Call was over VoIP

Published on Sep 18, 2007 in ,

If you’re not familiar with the leak, this article on TorrentFreak talks about phonecalls between a New York attorney and MediaDefender which were leaked out.

Funnily enough (for some), during the phone call one of the parties says: “what we could do if you wanted, change the port … change the login, obviously the password, if you guys need to know the password that we’re using we can just communicate that by phone. …. If you need to .. anything which is really really sensitive we can just communicate in this [phonecall] fashion”.

There were different opinions on how this call was captured. One suggestion floating on the forums are that the VoIP call was recorded by one of the parties (MediaDefender or NY attorney) and put on a compromised server. Another idea is that that the call was sniffed by the attacker.

Which ever way this call was compromised, this show two things with regards to VoIP communications:

  • Phone traffic now goes over the Internet. Don’t assume that your call cannot be intercepted over the Internet .. that assumption is very outdated.
  • Encryption definitely has an important place in VoIP security. In this case, it would probably have helped

Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.