VoIP Security Exploit Demo

Our client, a Voice-over-IP (VoIP) security appliance manufacturer, tasked us with building a VoIP security exploit demonstration. The technical details of the security exploit itself are, of course, proprietary.

This client/server system is written in C++ using UDP sockets and std:: containers.

The Win32 client is a multi-threaded app with a GUI.

The Unix/Linux server uses a single-threaded event-driven design (similar to boost::asio’s strands concept and lighttpd’s approach). We selected this architecture over a multi-threaded one, before event-driven designs gained their subsequent support and popularity in many programming languages, for these reasons:

  • The incoming UDP data provides its own context better than a thread of control for this particular application.
  • Concurrency gives no processing gain in this case.
  • This light-weight, single-threaded, event-driven approach scales better for large numbers of simultaneous clients.
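The design described above can be sketched as follows. This is an added example, not the project's code: `Dispatcher`, `Session`, `kMaxSessions`, port 5070 and the `ACK`/`BYE`/`BUSY` replies are hypothetical names chosen for illustration. It shows the datagram's source address selecting per-client state in a `std::map` from a single `poll()` loop, and adds a cap on the session table (an assumption, not something the page describes) because UDP source addresses can be spoofed.

```cpp
#include <arpa/inet.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <map>
#include <string>

using PeerKey = std::pair<uint32_t, uint16_t>;   // (IPv4 address, UDP port)
struct Session { unsigned packets = 0; };        // hypothetical per-client state
constexpr size_t kMaxSessions = 4;               // small cap so the demo is easy to follow

class Dispatcher {
    std::map<PeerKey, Session> sessions_;
public:
    // Handles one datagram; the source address, not a thread, selects the context.
    std::string on_datagram(const PeerKey& peer, const std::string& payload) {
        auto it = sessions_.find(peer);
        if (it == sessions_.end()) {
            // UDP sources are spoofable: refuse new state once the table is full.
            if (sessions_.size() >= kMaxSessions) return "BUSY";
            it = sessions_.emplace(peer, Session{}).first;
        }
        if (payload == "BYE") { sessions_.erase(it); return "CLOSED"; }
        return "ACK " + std::to_string(++it->second.packets);
    }
    size_t size() const { return sessions_.size(); }
};

int main() {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(5070);                 // assumed port for the demo
    if (fd < 0 || bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof addr) < 0) return 1;
    Dispatcher d;
    pollfd pfd{fd, POLLIN, 0};
    char buf[1500];
    while (poll(&pfd, 1, -1) > 0) {              // one thread, one loop, no locks
        sockaddr_in src{};
        socklen_t len = sizeof src;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, reinterpret_cast<sockaddr*>(&src), &len);
        if (n < 0) continue;
        std::string reply = d.on_datagram({ntohl(src.sin_addr.s_addr), ntohs(src.sin_port)},
                                          std::string(buf, static_cast<size_t>(n)));
        sendto(fd, reply.data(), reply.size(), 0, reinterpret_cast<sockaddr*>(&src), len);
    }
    close(fd); return 0;
}
```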

Both client and server use the open-source Crypto++ library.