Networking

VoIP hacking software released

A new software that can eavesdrop on VoIP-based phone calls has been released by UK-based VoIP expert, Peter Cox.

A new proof-of-concept software that can eavesdrop on VoIP-based phone calls has been released by UK-based VoIP expert, Peter Cox.

Called SIPtap, Cox was inspired to write the software after a chat with PGP-encryption guru Phil Zimmermann, who also created the Zfone. The Zfone is a new secure VoIP phone software product that lets you make encrypted phone calls over the Internet.

Excerpt from The Inquirer:

... the software snuffles around several VoIP call streams, earwigs in on them and records them as .wav files for later distribution. All it takes is one Trojan installed in the company's network and it is good night Vienna for your VoIP network.

Not only that, Cox claims that this hack will work at the ISP level too.

This reminds me of the days of network hubs, when e-mails were easily intercepted. At the moment, the only way around SIPtap is to make sure that your VoIP traffic is properly encrypted.

Additional reading:

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

1 comments
Penguin_me
Penguin_me

A "New" proof of concept ? What about the various tools which have been around since; 2004 - SiVuS (link: http://www.vopsecurity.org/ ) and 2003 - SIPVicious (link: http://code.google.com/p/sipvicious/ ) and probably a few more... Also, back to the encryption of VoIP, what about Skype's encryption (link to German Police "stumped by Skype encryption": http://it.slashdot.org/article.pl?sid=07/11/22/2342249&from=rss ) and a small OSS implementation of SIP encryption (it's a little imature, but the principle is sound: http://opensipstack.org/ )

Editor's Picks