Researcher Demonstrates Hack into VoIP
Peter Cox, a VoIP expert in the UK, has published proof-of-concept code to demonstrate that VoIP-based calls are vulnerable to eavesdropping that could lead to the compromise of confidential information. Naturally, this can become a big problem for organizations that are planning to adopt or have already adopted VoIP technology for their telephony systems.
The software, called SIPtap, continuously sniffs VoIP calls, intercepts their conversations, and records them as .wav files for future distribution. A criminal needs to infect only one computer within the network with a Trojan. The hack is operable at the level of the ISP (Internet Service Provider) as well.
The capabilities of SIPtap suggest that the most serious cases of the VoIP flaw are now well within the ability of organized criminals, who could employ this malicious application to steal confidential and important data from businesses, government agencies and even police departments.
SIPtap can compile a caller's intercepted VoIP calls using SIP identity information. It is also capable of indexing the calls by date and recipient.
Peter Cox, the writer of the software and co-founder of the firewall vendor BorderWare, is now setting up his own VoIP consultancy. Cox got the inspiration to develop the software from an interaction with Phil Zimmermann, the designer of Zfone, a tool that uses call encryption to prevent VoIP call tapping.
Pointing out the security weaknesses in VoIP, Cox said that in these initial days of VoIP technology there is a lack of knowledge, as AHN published on November 25, 2007. Cox explained that organizations using VoIP think they are secure, but the threat is someone quietly placing a Trojan on the company network to intercept calls remotely over the Net.
When SIPtap was run from August to November 21, 2007, no problems surfaced in extracting information from the network under test, which proves that recording any VoIP telephone conversation is a simple exercise, TechWorld reported.
Cox feels a VoIP network should be built with the same force and strength that goes into constructing a Website.
» SPAMfighter News - 06-12-2007